In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.
{"prion": [{"lastseen": "2023-11-22T00:46:05", "description": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.", "cvss3": {"cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-03-22T17:15:00", "type": "prion", "title": "Code injection", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2022-07-12T17:42:00", "id": "PRION:CVE-2021-28971", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-28971", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2022-07-26T16:35:41", "description": "linux is vulnerable to denial of service. 
In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-06-06T10:35:44", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2022-07-13T12:54:30", "id": "VERACODE:30844", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-30844/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-12-03T15:22:41", "description": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", 
"attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-22T17:15:00", "type": "debiancve", "title": "CVE-2021-28971", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2021-03-22T17:15:00", "id": "DEBIANCVE:CVE-2021-28971", "href": "https://security-tracker.debian.org/tracker/CVE-2021-28971", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "cbl_mariner": [{"lastseen": "2023-12-03T15:17:27", "description": "CVE-2021-28971 affecting package kernel 5.10.189.1-1. 
A patched version of the package is available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-09-09T15:03:26", "type": "cbl_mariner", "title": "CVE-2021-28971 affecting package kernel 5.10.189.1-1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2021-09-09T15:03:26", "id": "CBLMARINER:4010", "href": "", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-12-03T15:17:33", "description": "CVE-2021-28971 affecting package kernel 5.10.78.1-1. 
A patched version of the package is available.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-09T06:52:47", "type": "cbl_mariner", "title": "CVE-2021-28971 affecting package kernel 5.10.78.1-1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2022-04-09T06:52:47", "id": "CBLMARINER:6542", "href": "", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhatcve": [{"lastseen": "2023-12-04T00:28:31", "description": "A flaw was found in the Linux kernel. On some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options does not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. 
\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-03-22T19:54:02", "type": "redhatcve", "title": "CVE-2021-28971", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2023-04-06T07:54:03", "id": "RH:CVE-2021-28971", "href": "https://access.redhat.com/security/cve/cve-2021-28971", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-12-05T14:02:16", "description": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux\nkernel through 5.11.8 on some Haswell CPUs, userspace applications (such as\nperf-fuzzer) can cause a system crash because the PEBS status in a PEBS\nrecord is mishandled, aka CID-d88d05a9e0b6.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 
3.6}, "published": "2021-03-22T00:00:00", "type": "ubuntucve", "title": "CVE-2021-28971", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28971"], "modified": "2021-03-22T00:00:00", "id": "UB:CVE-2021-28971", "href": "https://ubuntu.com/security/CVE-2021-28971", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2023-12-03T19:08:32", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-26T17:55:34", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.11.9-200.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2021-03-26T17:55:34", "id": "FEDORA:E6C7530A2BFD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4VCKIOXCOZGXBEZMO5LGGV5MWCHO6FT3/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T19:08:32", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-26T00:18:33", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: kernel-5.11.9-300.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2021-03-26T00:18:33", "id": "FEDORA:C50DA304C5D2", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PTRNPQTZ4GVS46SZ4OBXY5YDOGVPSTGQ/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T19:08:33", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": 
{"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-03-29T01:12:40", "type": "fedora", "title": "[SECURITY] Fedora 32 Update: kernel-5.11.10-100.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2021-03-29T01:12:40", "id": "FEDORA:C1626307261A", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-18T15:26:37", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-68b0dd2373 advisory.\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. 
(CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-26T00:00:00", "type": "nessus", "title": "Fedora 33 : kernel (2021-68b0dd2373)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-68B0DD2373.NASL", "href": "https://www.tenable.com/plugins/nessus/148156", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-68b0dd2373\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148156);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-68b0dd2373\");\n\n script_name(english:\"Fedora 33 : kernel (2021-68b0dd2373)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-68b0dd2373 advisory.\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. 
The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-68b0dd2373\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28952\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-68b0dd2373');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.11.9-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T14:44:25", "description": "The version of kernel installed on the remote host is prior to 5.4.110-54.182. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-002 advisory.\n\n - User application could potentially make RPC call to the fastrpc driver and the driver will allow the message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 (CVE-2019-2308)\n\n - An issue was discovered in the Linux kernel through 5.11.6. 
fastrpc_internal_invoke in drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-2308", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29650"], "modified": "2023-09-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-002.NASL", "href": "https://www.tenable.com/plugins/nessus/160445", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-002.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160445);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2019-2308\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n 
\"CVE-2021-28971\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-002)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.110-54.182. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-002 advisory.\n\n - User application could potentially make RPC call to the fastrpc driver and the driver will allow the\n message to go through to the remote subsystem in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon\n Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9607,\n MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD\n 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD\n 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 (CVE-2019-2308)\n\n - An issue was discovered in the Linux kernel through 5.11.6. fastrpc_internal_invoke in\n drivers/misc/fastrpc.c does not prevent user applications from sending kernel RPC messages, aka\n CID-20c40794eb85. This is a related issue to CVE-2019-2308. (CVE-2021-28375)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. 
This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-002.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28375.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28660.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28688.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28964.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28971.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-29650.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/07/25\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2019-2308\", \"CVE-2021-28375\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29650\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-002\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.110-54.182.amzn2', 'cpu':'aarch64', 
'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.110-54.182.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n 
{'reference':'kernel-tools-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.110-54.182.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 
package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:37", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-9503fffad9 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8.
kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-03-29T00:00:00", "type": "nessus", "title": "Fedora 32 : kernel (2021-9503fffad9)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972"], "modified": "2022-05-10T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-9503FFFAD9.NASL", "href": "https://www.tenable.com/plugins/nessus/148205", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-9503fffad9\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148205);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\"\n );\n script_xref(name:\"FEDORA\", value:\"2021-9503fffad9\");\n\n script_name(english:\"Fedora 32 : kernel (2021-9503fffad9)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-9503fffad9 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. 
This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-9503fffad9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-28952\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2020-27170', 'CVE-2020-27171', 'CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-9503fffad9');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.11.10-100.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 
package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:10", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9222 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.
(CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 
(CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9222)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-3428"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9222.NASL", "href": "https://www.tenable.com/plugins/nessus/149421", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9222.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149421);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-3428\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9222)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n 
script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9222 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9222.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.503.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9222');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.503.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.503.1.el7uek', 
'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.503.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.503.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if 
(!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:21", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9223 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d. 
(CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. 
(CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9223)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29650", "CVE-2021-3428"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9223.NASL", "href": "https://www.tenable.com/plugins/nessus/149420", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9223.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149420);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2021-3428\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9223)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9223 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.8. 
kernel/bpf/verifier.c performs undesirable out-\n of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects\n pointer types that do not define a ptr_limit. (CVE-2020-27170)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to\n side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory,\n aka CID-10d2bb2e6b1d. (CVE-2020-27171)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9223.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.503.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if 
(rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:24", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9220 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9220)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26931", "CVE-2021-28038", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29266", "CVE-2021-29650", "CVE-2021-3411"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9220.NASL", "href": "https://www.tenable.com/plugins/nessus/149357", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9220.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149357);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2021-3411\",\n \"CVE-2021-28038\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29266\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9220)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9220 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free\n because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9220.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29266\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2102.201.3.el7uek', '5.4.17-2102.201.3.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9220');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2102.201.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2102.201.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2102.201.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2102.201.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2102.201.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:28:53", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9221 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. 
This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-10T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26931", "CVE-2021-28038", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29266", "CVE-2021-29650", "CVE-2021-3411"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9221.NASL", "href": "https://www.tenable.com/plugins/nessus/149356", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9221.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149356);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2021-3411\",\n \"CVE-2021-28038\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29266\",\n \"CVE-2021-29650\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9221)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as 
referenced in\nthe ELSA-2021-9221 advisory.\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw was found in the Linux kernel in versions prior to 5.10. 
A violation of memory access was found\n while detecting a padding of int3 in the linking state. The highest threat from this vulnerability is to\n data confidentiality and integrity as well as system availability. (CVE-2021-3411)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free\n because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9221.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29266\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2102.201.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2102.201.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2102.201.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2102.201.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:22:39", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4982-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. 
This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. 
This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 
(CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4982-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-3483"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1016-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1049-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-lowlatency"], "id": "UBUNTU_USN-4982-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150233", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4982-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150233);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2021-3483\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-31916\"\n );\n script_xref(name:\"USN\", value:\"4982-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-4982-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4982-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. 
The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. 
(CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. 
(CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4982-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1016-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1036-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1040-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1044-gcp\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1046-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1049-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-74-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '18.04': {\n '5.4.0': {\n 'generic': '5.4.0-74',\n 'generic-lpae': '5.4.0-74',\n 'lowlatency': '5.4.0-74',\n 'gkeop': '5.4.0-1016',\n 'raspi': '5.4.0-1036',\n 'gcp': '5.4.0-1044',\n 'oracle': '5.4.0-1046',\n 'azure': '5.4.0-1048',\n 'aws': '5.4.0-1049'\n }\n },\n '20.04': {\n '5.4.0': {\n 'generic': '5.4.0-74',\n 'generic-lpae': '5.4.0-74',\n 'lowlatency': '5.4.0-74',\n 'gkeop': '5.4.0-1016',\n 'raspi': '5.4.0-1036',\n 'kvm': '5.4.0-1040',\n 'gcp': '5.4.0-1044',\n 'oracle': '5.4.0-1046',\n 'azure': '5.4.0-1048',\n 'aws': '5.4.0-1049'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4982-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2020-25673', 'CVE-2021-3483', 'CVE-2021-28688', 'CVE-2021-28950', 
'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29264', 'CVE-2021-29647', 'CVE-2021-31916');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4982-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:28:18", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4979-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. 
NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. 
(CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-4979-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2021-28660", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29647", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-3428", "CVE-2021-3483"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1115-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-lowlatency"], "id": "UBUNTU_USN-4979-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150155", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4979-1. The text\n# itself is copyright (C) Canonical, Inc. 
See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150155);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2021-3428\",\n \"CVE-2021-3483\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29647\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\"\n );\n script_xref(name:\"USN\", value:\"4979-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS : Linux kernel vulnerabilities (USN-4979-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4979-1 advisory.\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A memory leak vulnerability was found in Linux kernel in llcp_sock_connect (CVE-2020-25672)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. 
The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. 
(CVE-2021-29647)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4979-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1072-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1086-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1092-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1100-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1103-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-1115-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15.0-144-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! 
get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '16.04': {\n '4.15.0': {\n 'generic': '4.15.0-144',\n 'lowlatency': '4.15.0-144',\n 'oracle': '4.15.0-1072',\n 'gcp': '4.15.0-1100',\n 'aws': '4.15.0-1103',\n 'azure': '4.15.0-1115'\n }\n },\n '18.04': {\n '4.15.0': {\n 'generic': '4.15.0-144',\n 'generic-lpae': '4.15.0-144',\n 'lowlatency': '4.15.0-144',\n 'oracle': '4.15.0-1072',\n 'raspi2': '4.15.0-1086',\n 'kvm': '4.15.0-1092',\n 'gcp': '4.15.0-1100',\n 'snapdragon': '4.15.0-1103',\n 'azure': '4.15.0-1115'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n 
else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4979-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2020-25673', 'CVE-2021-3428', 'CVE-2021-3483', 'CVE-2021-28660', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29647', 'CVE-2021-31916', 'CVE-2021-33033');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4979-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:18:05", "description": "The version of kernel installed on the remote host is prior to 4.14.232-123.381. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1503 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. 
(CVE-2021-23133)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. 
(CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. 
(CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-24T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2021-1503)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-29374", "CVE-2021-23133", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33033"], "modified": "2021-05-24T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1503.NASL", "href": "https://www.tenable.com/plugins/nessus/149872", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1503.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149872);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/24\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-29374\",\n \"CVE-2021-23133\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\"\n );\n script_xref(name:\"ALAS\", 
value:\"2021-1503\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2021-1503)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.232-123.381. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1503 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. 
All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. 
(CVE-2021-31829)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1503.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-29374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-23133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28971\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-31916\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-29154\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", 
\"CVE-2020-25673\", \"CVE-2020-29374\", \"CVE-2021-23133\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-33033\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1503\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.232-123.381.amzn1', 'cpu':'x86_64', 
'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.232-123.381.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.232-123.381.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-11-23T15:27:31", "description": "The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4984-1 advisory.\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. 
All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. 
video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4984-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26931", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-33033", "CVE-2021-3483"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-lowlatency"], "id": "UBUNTU_USN-4984-1.NASL", "href": "https://www.tenable.com/plugins/nessus/150292", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in 
this plugin were\n# extracted from Ubuntu Security Notice USN-4984-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150292);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\n \"CVE-2021-3483\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\",\n \"CVE-2021-31916\",\n \"CVE-2021-33033\"\n );\n script_xref(name:\"USN\", value:\"4984-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-4984-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-4984-1 advisory.\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6\n allows writing beyond the end of the ->ssid[] array. NOTE: from the perspective of kernel.org releases,\n CVE IDs are not normally used for drivers/staging/* (unfinished work); however, system integrators may\n have situations in which a drivers/staging issue is relevant to their own customer base. (CVE-2021-28660)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. 
(CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. 
(CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4984-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.8.0-55-lowlatency\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. 
/ NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.8.0': {\n 'generic': '5.8.0-55',\n 'generic-64k': '5.8.0-55',\n 'generic-lpae': '5.8.0-55',\n 'lowlatency': '5.8.0-55'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n 
else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4984-1');\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2021-3483', 'CVE-2021-28038', 'CVE-2021-28660', 'CVE-2021-28688', 'CVE-2021-28950', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29647', 'CVE-2021-30002', 'CVE-2021-31916', 'CVE-2021-33033');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4984-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:31", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw reported in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. 
NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.(CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.(CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - A race condition was found in the Linux kernel in sctp_destroy_sock. 
If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.(CVE-2021-23133)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-04T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1971)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36313", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2021-1971.NASL", "href": "https://www.tenable.com/plugins/nessus/150253", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(150253);\n script_version(\"1.4\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36313\",\n \"CVE-2020-36322\",\n \"CVE-2021-3483\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2021-1971)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - In intel_pmu_drain_pebs_nhm in\n arch/x86/events/intel/ds.c in the Linux kernel through\n 5.11.8 on some Haswell CPUs, userspace applications\n (such as perf-fuzzer) can cause a system crash because\n the PEBS status in a PEBS record is mishandled, aka\n CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. 
NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test\n infinite loop for certain nested page faults, aka\n CID-e72436bc3a52.(CVE-2020-36310)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to\n memslots after a deletion, aka CID-0774a964ef56. This\n affects arch/s390/kvm/kvm-s390.c,\n include/linux/kvm_host.h, and\n virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because\n net/netfilter/x_tables.c and\n include/linux/netfilter/x_tables.h lack a full memory\n barrier upon the assignment of a new table value, aka\n CID-175e476b8cdf.(CVE-2021-29650)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - A race condition was found in the Linux kernel in\n sctp_destroy_sock. 
If sctp_destroy_sock is called\n without sock_net(sk)->sctp.addr_wq_lock held and\n sp->do_auto_asconf is true, then an element is removed\n from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the\n context of a network service or from an unprivileged\n process if certain conditions are met.(CVE-2021-23133)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1971\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?221a799c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/04\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n 
\"kernel-tools-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"perf-4.18.0-147.5.1.6.h451.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:59", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - There is a flaw reported in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. 
An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52.(CVE-2020-36310)\n\n - A race condition was found in the Linux kernel in sctp_destroy_sock. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock held and sp->do_auto_asconf is true, then an element is removed from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the context of a network service or from an unprivileged process if certain conditions are met.(CVE-2021-23133)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to memslots after a deletion, aka CID-0774a964ef56. This affects arch/s390/kvm/kvm-s390.c, include/linux/kvm_host.h, and virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. 
It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c has an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.(CVE-2021-29650)\n\n - rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the Linux kernel through 5.11.6 allows writing beyond the end of the ->ssid[] array. 
NOTE: from the perspective of kernel.org releases, CVE IDs are not normally used for drivers/staging/* (unfinished work) however, system integrators may have situations in which a drivers/staging issue is relevant to their own customer base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184.(CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-07-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27171", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36313", "CVE-2020-36322", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-28660", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2051.NASL", "href": "https://www.tenable.com/plugins/nessus/151238", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(151238);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-27171\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36313\",\n \"CVE-2020-36322\",\n \"CVE-2021-3483\",\n \"CVE-2021-20292\",\n \"CVE-2021-23133\",\n \"CVE-2021-28660\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2021-2051)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A flaw was found in the Nosy driver in the Linux\n kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free\n when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2021-3483)\n\n - An issue was discovered in the Linux kernel before\n 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak\n for large arguments, aka\n CID-fb18802a338b.(CVE-2021-30002)\n\n - An issue was discovered in the FUSE filesystem\n implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls\n make_bad_inode() in inappropriate situations, causing a\n system crash. 
NOTE: the original fix for this\n vulnerability was incomplete, and its incompleteness is\n tracked as CVE-2021-28950.(CVE-2020-36322)\n\n - There is a flaw reported in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in\n nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The\n issue results from the lack of validating the existence\n of an object prior to performing operations on the\n object. An attacker with a local account with a root\n privilege, can leverage this vulnerability to escalate\n privileges and execute code in the context of the\n kernel.(CVE-2021-20292)\n\n - An issue was discovered in the Linux kernel before 5.8.\n arch/x86/kvm/svm/svm.c allows a set_memory_region_test\n infinite loop for certain nested page faults, aka\n CID-e72436bc3a52.(CVE-2020-36310)\n\n - A race condition was found in the Linux kernel in\n sctp_destroy_sock. If sctp_destroy_sock is called\n without sock_net(sk)->sctp.addr_wq_lock held and\n sp->do_auto_asconf is true, then an element is removed\n from the auto_asconf_splist without any proper locking.\n This can lead to kernel privilege escalation from the\n context of a network service or from an unprivileged\n process if certain conditions are met.(CVE-2021-23133)\n\n - In intel_pmu_drain_pebs_nhm in\n arch/x86/events/intel/ds.c in the Linux kernel through\n 5.11.8 on some Haswell CPUs, userspace applications\n (such as perf-fuzzer) can cause a system crash because\n the PEBS status in a PEBS record is mishandled, aka\n CID-d88d05a9e0b6.(CVE-2021-28971)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12\n have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the\n kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and\n arch/x86/net/bpf_jit_comp32.c.(CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. 
qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel\n memory because of a partially uninitialized data\n structure, aka CID-50535249f624.(CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.7.\n The KVM subsystem allows out-of-range access to\n memslots after a deletion, aka CID-0774a964ef56. This\n affects arch/s390/kvm/kvm-s390.c,\n include/linux/kvm_host.h, and\n virt/kvm/kvm_main.c.(CVE-2020-36313)\n\n - A race condition was discovered in get_old_root in\n fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG)\n because of a lack of locking on an extent buffer before\n a cloning operation, aka\n CID-dbcc7d57bffc.(CVE-2021-28964)\n\n - An issue was discovered in the Linux kernel through\n 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers\n to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue\n overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6.(CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before\n 5.11.8. kernel/bpf/verifier.c has an off-by-one error\n (with a resultant integer underflow) affecting\n out-of-bounds speculation on pointer arithmetic,\n leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from\n kernel memory, aka CID-10d2bb2e6b1d.(CVE-2020-27171)\n\n - An out-of-bounds (OOB) memory access flaw was found in\n x25_bind in net/x25/af_x25.c in the Linux kernel. A\n bounds check failure allows a local attacker with a\n user account on the system to gain access to\n out-of-bounds memory, leading to a system crash or a\n leak of internal kernel information. 
The highest threat\n from this vulnerability is to confidentiality,\n integrity, as well as system\n availability.(CVE-2020-35519)\n\n - An issue was discovered in the Linux kernel before\n 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because\n net/netfilter/x_tables.c and\n include/linux/netfilter/x_tables.h lack a full memory\n barrier upon the assignment of a new table value, aka\n CID-175e476b8cdf.(CVE-2021-29650)\n\n - rtw_wx_set_scan in\n drivers/staging/rtl8188eu/os_dep/ioctl_linux.c in the\n Linux kernel through 5.11.6 allows writing beyond the\n end of the ->ssid[] array. NOTE: from the perspective\n of kernel.org releases, CVE IDs are not normally used\n for drivers/staging/* (unfinished work) however, system\n integrators may have situations in which a\n drivers/staging issue is relevant to their own customer\n base.(CVE-2021-28660)\n\n - An issue was discovered in the Linux kernel before 5.9.\n arch/x86/kvm/svm/sev.c allows attackers to cause a\n denial of service (soft lockup) by triggering\n destruction of a large SEV VM (which requires\n unregistering many encrypted regions), aka\n CID-7be74942f184.(CVE-2020-36311)\n\n - An issue was discovered in the Linux kernel before\n 5.8.10. virt/kvm/kvm_main.c has a\n kvm_io_bus_unregister_dev memory leak upon a kmalloc\n failure, aka CID-f65886606c2d.(CVE-2020-36312)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2051\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9dbc5945\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h451.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h451.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, 
{"lastseen": "2023-10-21T16:21:47", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4948-1 advisory.\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. 
(CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.9. drivers/vhost/vdpa.c has a use-after-free because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. (CVE-2021-29649)\n\n - An issue was discovered in the Linux kernel before 5.11.11. 
The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-12T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4948-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2021-28688", "CVE-2021-28951", "CVE-2021-28952", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29266", "CVE-2021-29646", "CVE-2021-29647", "CVE-2021-29649", "CVE-2021-29650", "CVE-2021-29657", "CVE-2021-31916", "CVE-2021-3483", "CVE-2021-3489", "CVE-2021-3490", "CVE-2021-3491"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1026-oem"], "id": "UBUNTU_USN-4948-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149407", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4948-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. 
Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149407);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2021-3483\",\n \"CVE-2021-3489\",\n \"CVE-2021-3490\",\n \"CVE-2021-3491\",\n \"CVE-2021-28688\",\n \"CVE-2021-28951\",\n \"CVE-2021-28952\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29266\",\n \"CVE-2021-29646\",\n \"CVE-2021-29647\",\n \"CVE-2021-29649\",\n \"CVE-2021-29650\",\n \"CVE-2021-29657\",\n \"CVE-2021-31916\"\n );\n script_xref(name:\"USN\", value:\"4948-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-4948-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-4948-1 advisory.\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - An issue was discovered in fs/io_uring.c in the Linux kernel through 5.11.8. 
It allows attackers to cause\n a denial of service (deadlock) because exit may be waiting to park a SQPOLL thread, but concurrently that\n SQPOLL thread is waiting for a signal to start, aka CID-3ebba796fa25. (CVE-2021-28951)\n\n - An issue was discovered in the Linux kernel through 5.11.8. The sound/soc/qcom/sdm845.c soundwire device\n driver has a buffer overflow when an unexpected port ID number is encountered, aka CID-1c668e1c0a0f. (This\n has been fixed in 5.12-rc4.) (CVE-2021-28952)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has\n a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing\n userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and\n remove_slot_store mishandle drc_name '\\0' termination, aka CID-cc7a0bb058b8. (CVE-2021-28972)\n\n - An issue was discovered in the Linux kernel through 5.11.10. drivers/net/ethernet/freescale/gianfar.c in\n the Freescale Gianfar Ethernet driver allows attackers to cause a system crash because a negative fragment\n size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is\n enabled, aka CID-d8861bab48b6. (CVE-2021-29264)\n\n - An issue was discovered in the Linux kernel before 5.11.9. 
drivers/vhost/vdpa.c has a use-after-free\n because v->config_ctx has an invalid value upon re-opening a character device, aka CID-f6bbf0010ba0.\n (CVE-2021-29266)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does\n not properly validate certain data sizes, aka CID-0217ed2848e8. (CVE-2021-29646)\n\n - An issue was discovered in the Linux kernel before 5.11.11. qrtr_recvmsg in net/qrtr/qrtr.c allows\n attackers to obtain sensitive information from kernel memory because of a partially uninitialized data\n structure, aka CID-50535249f624. (CVE-2021-29647)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The user mode driver (UMD) has a\n copy_process() memory leak, related to a lack of cleanup steps in kernel/usermode_driver.c and\n kernel/bpf/preload/bpf_preload_kern.c, aka CID-f60a85cad677. (CVE-2021-29649)\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. 
(CVE-2021-31916)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4948-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3491\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux eBPF ALU32 32-bit Invalid Bounds Tracking LPE');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1026-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. 
/ NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar kernel_mappings = {\n '20.04': {\n '5.10.0': {\n 'oem': '5.10.0-1026'\n }\n }\n};\n\nvar host_kernel_release = get_kb_item_or_exit('Host/uname-r');\nvar host_kernel_version = get_kb_item_or_exit('Host/Debian/kernel-version');\nvar host_kernel_base_version = get_kb_item_or_exit('Host/Debian/kernel-base-version');\nvar host_kernel_type = get_kb_item_or_exit('Host/Debian/kernel-type');\nif(empty_or_null(kernel_mappings[os_release][host_kernel_base_version][host_kernel_type])) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + host_kernel_release);\n\nvar extra = '';\nvar kernel_fixed_version = kernel_mappings[os_release][host_kernel_base_version][host_kernel_type];\nif (deb_ver_cmp(ver1:host_kernel_version, ver2:kernel_fixed_version) < 0)\n{\n extra = extra + 'Running Kernel level of ' + host_kernel_version + ' does not meet the minimum fixed level of ' + kernel_fixed_version + ' for this advisory.\\n\\n';\n}\n else\n{\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-4948-1');\n}\n\nif 
(get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2020-25670', 'CVE-2020-25671', 'CVE-2020-25672', 'CVE-2021-3483', 'CVE-2021-3489', 'CVE-2021-3490', 'CVE-2021-3491', 'CVE-2021-28688', 'CVE-2021-28951', 'CVE-2021-28952', 'CVE-2021-28964', 'CVE-2021-28971', 'CVE-2021-28972', 'CVE-2021-29264', 'CVE-2021-29266', 'CVE-2021-29646', 'CVE-2021-29647', 'CVE-2021-29649', 'CVE-2021-29650', 'CVE-2021-29657', 'CVE-2021-31916');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-4948-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:42", "description": "The openSUSE Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, 
allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).\n\n - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the 
perf_trace_lock_acquire function (bsc#1159280).\n\n - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nThe following non-security bugs were fixed :\n\n - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).\n\n - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue for 
a Dell AIO (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).\n\n - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() 
(git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).\n\n - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).\n\n - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).\n\n - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in amp_read_loc_assoc_final_data 
(git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid 
(git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases (git-fixes).\n\n - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count (git-fixes).\n\n - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: * context changes\n\n - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: * rename amd/pm to 
amd/powerplay * context changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) Backporting notes: * replaced mtk_ddp_write() with writel()\n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) Backporting notes: * taken for 9b73bde39cf2 ('drm/msm:\n Fix use-after-free in msm_gem with carveout') * context changes\n\n - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) Backporting notes :\n\n - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) Backporting notes: * context changes\n\n - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) Backporting notes: * context changes\n\n - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect 
(bsc#1152472) Backporting notes: * context changes * change vc4_hdmi to vc4->hdmi * removed references to encoder->hdmi_monitor\n\n - efi: use 32-bit alignment for efi_guid_t literals (git-fixes).\n\n - epoll: check for events when removing a timed out thread from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions 
(git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).\n\n - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails (git-fixes).\n\n - ice: fix memory leak in 
ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).\n\n - Input: applespi - do not wait for responses to commands indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix 
ineffective devTLB invalidation for subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags (bsc#1167773).\n\n - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).\n\n - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift (git-fixes).\n\n - media: mceusb: sanity check for prescaler value (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n\n - misc: 
eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).\n\n - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after 
phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n\n - net: korina: cast KSEG0 address to pointer in kfree (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).\n\n - netsec: restore phy power state after controller reset (bsc#1183757).\n\n - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up 
(git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation (bsc#1154353).\n\n - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).\n\n 
- PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).\n\n - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).\n\n - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)\n\n - Revert 'net: bonding: fix error return code of 
bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: comment on the list To explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.\n\n - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: ignore more configs Specifically, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_*\n * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER * CONFIG_TOOLS_SUPPORT_* are compiler specific too. This will allow us to use super configs using kernel's dummy-tools.\n\n - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).\n\n - s390/vtime: fix increased steal time accounting (bsc#1183859).\n\n - 
samples, bpf: Add missing munmap in xdpsock (bsc#1155518).\n\n - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask 
bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).\n\n - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).\n\n - staging: bcm2835-audio: Replace unsafe strcpy() with strscpy() (git-fixes).\n\n - staging: comedi: addi_apci_1032: Fix endian problem for COS sample (git-fixes).\n\n - staging: comedi: addi_apci_1500: Fix endian problem for command sample (git-fixes).\n\n - staging: comedi: adv_pci1710: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: das6402: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: das800: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: dmm32at: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: me4000: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: pcl711: Fix endian problem for AI command data (git-fixes).\n\n - staging: comedi: pcl818: Fix endian problem for AI command data (git-fixes).\n\n - staging: fwserial: Fix error handling in fwserial_create (git-fixes).\n\n - staging: gdm724x: Fix DMA from stack (git-fixes).\n\n - staging: ks7010: prevent buffer overflow in ks_wlan_set_scan() (git-fixes).\n\n - staging: most: sound: add sanity check for function argument (git-fixes).\n\n - staging: rtl8188eu: Add 
Edimax EW-7811UN V2 to device table (git-fixes).\n\n - staging: rtl8188eu: fix potential memory corruption in rtw_check_beacon_data() (git-fixes).\n\n - staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() (git-fixes).\n\n - staging: rtl8192e: Change state information from u16 to u8 (git-fixes).\n\n - staging: rtl8192e: Fix incorrect source in memcpy() (git-fixes).\n\n - staging: rtl8192e: Fix possible buffer overflow in\n _rtl92e_wx_set_scan (git-fixes).\n\n - staging: rtl8192u: fix ->ssid overflow in r8192_wx_set_scan() (git-fixes).\n\n - staging: rtl8712: Fix possible buffer overflow in r8712_sitesurvey_cmd (git-fixes).\n\n - staging: rtl8712: unterminated string leads to read overflow (git-fixes).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)\n\n - USB: cdc-acm: fix double free on probe failure (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).\n\n - USBip: 
fix stub_dev to check for stream socket (git-fixes).\n\n - USBip: fix stub_dev USBip_sockfd_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).\n\n - USBip: tools: fix build error for multiple definition (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64 (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by definition (git-fixes).\n\n - USB: serial: ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister (git-fixes).\n\n - wireguard: device: do not generate 
ICMP for non-IP packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi is pending (git-fixes).\n\n - xen/events: reset affinity of 2-level event when tearing it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal (git-fixes).", "cvss3": {}, "published": "2021-04-12T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-3428", "CVE-2021-3444"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", 
"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-532.NASL", "href": "https://www.tenable.com/plugins/nessus/148438", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-532.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148438);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n 
\"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-532)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.2 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers to cause a denial of\n service due to race conditions during an update of the\n local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS status in a PEBS record\n was mishandled (bsc#1184196 ).\n\n - 
CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593 ).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access was\n found in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in JFS filesystem where\n could have allowed an attacker to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280 ).\n\n - CVE-2019-18814: Fixed a use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n (bsc#1156256).\n\nThe following non-security bugs were fixed :\n\n -\n 
0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n 
succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add 
quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n 
for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: 
flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: * context changes\n\n - drm/amd/powerplay: fix spelling mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: * 
rename amd/pm to amd/powerplay * context\n changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489)\n Backporting notes: * replaced mtk_ddp_write() with\n writel()\n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489)\n Backporting notes: * taken for 9b73bde39cf2 ('drm/msm:\n Fix use-after-free in msm_gem with carveout') * context\n changes\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472)\n Backporting notes :\n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) Backporting notes: * context changes\n\n - drm/tegra: sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: 
hdmi: Restore cec physical address on reconnect\n (bsc#1152472) Backporting notes: * context changes *\n change vc4_hdmi to vc4->hdmi * removed references to\n encoder->hdmi_monitor\n\n - efi: use 32-bit alignment for efi_guid_t literals\n (git-fixes).\n\n - epoll: check for events when removing a timed out thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 
(git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function\n (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions 
(bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use 
flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing 
v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: fec: Fix 
phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n 
- net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() 
memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RDMA/hns: Disable RQ inline by 
default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: ignore more configs\n Specifically, these: * CONFIG_CC_HAS_* * CONFIG_CC_HAVE_*\n * CONFIG_CC_CAN_* * CONFIG_HAVE_[A-Z]*_COMPILER *\n CONFIG_TOOLS_SUPPORT_* are compiler specific too. 
This\n will allow us to use super configs using kernel's\n dummy-tools.\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to 
be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - staging: bcm2835-audio: Replace 
unsafe strcpy() with\n strscpy() (git-fixes).\n\n - staging: comedi: addi_apci_1032: Fix endian problem for\n COS sample (git-fixes).\n\n - staging: comedi: addi_apci_1500: Fix endian problem for\n command sample (git-fixes).\n\n - staging: comedi: adv_pci1710: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das6402: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: das800: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: dmm32at: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: me4000: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl711: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: comedi: pcl818: Fix endian problem for AI\n command data (git-fixes).\n\n - staging: fwserial: Fix error handling in fwserial_create\n (git-fixes).\n\n - staging: gdm724x: Fix DMA from stack (git-fixes).\n\n - staging: ks7010: prevent buffer overflow in\n ks_wlan_set_scan() (git-fixes).\n\n - staging: most: sound: add sanity check for function\n argument (git-fixes).\n\n - staging: rtl8188eu: Add Edimax EW-7811UN V2 to device\n table (git-fixes).\n\n - staging: rtl8188eu: fix potential memory corruption in\n rtw_check_beacon_data() (git-fixes).\n\n - staging: rtl8188eu: prevent ->ssid overflow in\n rtw_wx_set_scan() (git-fixes).\n\n - staging: rtl8192e: Change state information from u16 to\n u8 (git-fixes).\n\n - staging: rtl8192e: Fix incorrect source in memcpy()\n (git-fixes).\n\n - staging: rtl8192e: Fix possible buffer overflow in\n _rtl92e_wx_set_scan (git-fixes).\n\n - staging: rtl8192u: fix ->ssid overflow in\n r8192_wx_set_scan() (git-fixes).\n\n - staging: rtl8712: Fix possible buffer overflow in\n r8712_sitesurvey_cmd (git-fixes).\n\n - staging: rtl8712: unterminated string leads to read\n overflow (git-fixes).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - udlfb: Fix memory leak in 
dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev USBip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product 
ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return 
value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183285\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184170\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.69.1.lp152.8.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.69.1.lp152.8.28.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-default-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-source-vanilla-5.3.18-lp152.69.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.69.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:55:29", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was 
mishandled (bsc#1184196).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2021-26930: Fixed improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where the Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in the copy-on-write implementation which could have granted unintended write access because of a race condition in 
a THP mapcount check (bsc#1179660, bsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-29368", "CVE-2020-29374", "CVE-2020-35519", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-3428", "CVE-2021-3444"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1175-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148509", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1175-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148509);\n script_version(\"1.6\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2020-35519\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a 
user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where 
Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211175-1\n script_set_attribute(attribute:\"see_also\", 
value:\"http://www.nessus.org/u?f99314b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1175=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T15:21:18", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. 
In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. 
A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could lead to an out-of-bounds read when accessing a crafted filesystem. A local user permitted to mount arbitrary filesystems could exploit this to cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. 
A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF (eBPF) verifier did not completely protect against information leaks due to speculative execution. A local user could exploit these to obtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some Freescale SoCs did not correctly handle a Rx queue overrun when jumbo packets were enabled. 
On systems using this driver and jumbo packets, an attacker on the network could exploit this to cause a denial of service (crash).\n\nThis driver is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949, #988352, and #989451; and includes many more bug fixes from stable updates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-24T00:00:00", "type": "nessus", "title": "Debian DLA-2690-1 : linux-4.19 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2021-0129", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-26930", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3483", "CVE-2021-3506", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "modified": "2021-06-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", 
"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", 
"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2690.NASL", "href": "https://www.tenable.com/plugins/nessus/150984", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2690-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150984);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/29\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2021-0129\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29155\", \"CVE-2021-29264\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-31829\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3483\", \"CVE-2021-3506\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2690-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. 
An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3506\n\nThe ADLab of venustech discovered a bug in the F2FS driver which could\nlead to an out-of-bounds read when accessing a crafted filesystem. A\nlocal user permitted to mount arbitrary filesystems could exploit this\nto cause a denial of service (crash) or other security impact.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. 
A local\nuser could exploit these to cause a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. 
On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29155, CVE-2021-31829\n\nPiotr Krysiuk and Benedict Schlueter discovered that the Extended BPF\n(eBPF) verifier did not completely protect against information leaks\ndue to speculative execution. A local user could exploit these to\nobtain sensitive information from kernel memory.\n\nCVE-2021-29264\n\nIt was discovered that the 'gianfar' Ethernet driver used with some\nFreescale SoCs did not correctly handle a Rx queue overrun when jumbo\npackets were enabled. On systems using this driver and jumbo packets,\nan attacker on the network could exploit this to cause a denial of\nservice (crash).\n\nThis driver is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. 
A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.194-1~deb9u1. This update additionally fixes Debian bug #986949,\n#988352, and #989451; and includes many more bug fixes from stable\nupdates 4.19.182-4.19.194 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.194-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.194-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:40", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending 
kernel RPC messages (bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2020-36310: Fixed infinite loop for 
certain nested page faults (bsc#1184512).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", 
"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1211-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148698", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1211-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148698);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1211-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed 
:\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did\nnot prevent user applications from sending kernel RPC messages\n(bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated 
with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire\nfunction (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in\naa_audit_rule_init() (bsc#1156256).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsystem (bsc#1178181).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults\n(bsc#1184512).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure\n(bsc#1184509 ).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop\nthat was continually finding the same bad inode (bsc#1184194).\n\nThe update package also 
includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182552\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28375/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211211-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3f6d73a2\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-1211=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-33.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-33.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-33.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:25:57", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was 
mishandled (bsc#1184196).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out-of-bounds write in rtw_wx_set_scan (bsc#1183593).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in 
video_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nCVE-2020-36322: Fixed an issue in the FUSE filesystem implementation which could have caused a system crash (bsc#1184211).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-19T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1238-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148747", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1238-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148747);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:1238-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure 
(bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did\nnot prevent user applications from sending kernel RPC messages\n(bsc#1183596).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where 
could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire\nfunction (bsc#1159280 ).\n\nCVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in\naa_audit_rule_init() (bsc#1156256).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop\ncontinually was finding the same bad inode (bsc#1184194).\n\nCVE-2020-36312: Fixed a memory leak upon a kmalloc failure\n(bsc#1184509 ).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-36310: Fixed infinite loop for certain nested page faults\n(bsc#1184512).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsytem (bsc#1178181).\n\nCVE-2020-36322: Fixed an issue was discovered in FUSE filesystem\nimplementation which could have caused a system crash (bsc#1184211).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182552\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183280\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183447\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183843\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184220\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-18814/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19769/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28375/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211238-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4eff8d90\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE MicroOS 5.0 :\n\nzypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1238=1\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch\nSUSE-SLE-Module-Development-Tools-15-SP2-2021-1238=1\n\nSUSE Linux 
Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1238=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-1238=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.61.1.9.26.4\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", 
reference:\"kernel-default-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.61.1.9.26.4\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.61.1\")) flag++;\nif 
(rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.61.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.61.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-19T14:56:14", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 
).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access (bsc#1179660, bsc#1179428).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2020-0433: Fixed a 
use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-29368", "CVE-2020-29374", "CVE-2020-35519", "CVE-2020-36311", "CVE-2021-20219", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", 
"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1210-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148700);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2020-35519\",\n \"CVE-2020-36311\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive 
various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message 
(bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2021-26931: Fixed an issue where the Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26930: Fixed improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in\nx25_bind (bsc#1183696).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\n(bsc#1179660, bsc#1179428).\n\nCVE-2020-27815: Fixed an issue in the JFS filesystem which could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-20219: Fixed a denial of service in\nn_tty_receive_char_special (bsc#1184397).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM 
(bsc#1184511).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsystem (bsc#1178181).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183755\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211210-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?07418a12\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively 
you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-1210=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.66.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:14", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which 
could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\n - CVE-2021-28375: Fixed an issue in fastrpc_internal_invoke which did not prevent user applications from sending kernel RPC messages (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\n 
- CVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the perf_trace_lock_acquire function (bsc#1159280 ).\n\n - CVE-2019-18814: Fixed a use-after-free when aa_label_parse() fails in aa_audit_rule_init() (bsc#1156256).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\n - CVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested page faults (bsc#1184512).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc failure (bsc#1184509 ).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due to a retry loop that was continually finding the same bad inode (bsc#1184194).\n\nThe following non-security bugs were fixed :\n\n - 0007-block-add-docs-for-gendisk-request_queue-refcount-he.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0008-block-revert-back-to-synchronous-request_queue-remov.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n 
(bsc#1171295, git fixes (block drivers)). \n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2) (git-fixes).\n\n - ACPICA: Always create namespace nodes using acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807 (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony VPCEH3U1E (git-fixes).\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10 (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue for a Dell AIO (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire E1 (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics headsets 
(bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported' errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso (git-fixes).\n\n - apparmor: check/put label on apparmor_sk_clone_security() (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the media and deep-buffer DAI descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop 
advertising non working S24LE support (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper EZpad 7 tablet (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled for some chips (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition (git-fixes).\n\n - ath10k: hold RCU lock when calling ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe() (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe() (git-fixes).\n\n - batman-adv: initialize 'struct batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write 
(git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write (git-fixes).\n\n - blktrace-annotate-required-lock-on-do_blk_trace_setu.patch: (bsc#1171295).\n\n - blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.patch: (bsc#1171295).\n\n - blktrace-break-out-of-blktrace-setup-on-concurrent-c.patch: (bsc#1171295).\n\n - block-clarify-context-for-refcount-increment-helpers.patch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe() (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686 bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without lock (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad A15 tablet (git-fixes).\n\n - brcmfmac: clear EAP/association status bits on linkdown events (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in btrfs_copy_root (bsc#1184217).\n\n - btrfs: always pin deleted leaves when there are active tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to concurrent allocations 
(bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not deasserted (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze() (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if socket was closed before setting skb ownership (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - cifs_debug: use %pd instead of messing with ->d_name (bsc#1181507).\n\n - cifs: do not send close in compound create+close requests (bsc#1181507).\n\n - cifs: New optype for session operations (bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2) (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes 
(bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit (git-fixes).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases (git-fixes).\n\n - crypto: bcm - Rename struct device_private to bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count (git-fixes).\n\n - Delete patches.suse/sched-Reenable-interrupts-in-do_sched_yield.patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in qp_host_alloc_queue (git-fixes).\n\n - drivers: video: fbcon: fix NULL dereference in fbcon_cursor() (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map (git-fixes).\n\n - drm/amdgpu: fix offset calculation in amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489) Backporting notes: 	* context changes\n\n - drm/amd/powerplay: fix spelling mistake 'smu_state_memroy_block' -> (bsc#1152489) Backporting notes: 	* rename amd/pm to amd/powerplay 	* context changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects (bsc#1184074).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK 
(git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) \n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL register (git-fixes).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup to other GPUs (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY) (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp vs (bsc#1152489) \n\n - drm/msm: fix shutdown hook in case GPU components failed to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout (bsc#1152489) \n\n - drm/msm: Fix WARN_ON() splat in _free_object() (bsc#1152489) \n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) \n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails (git-fixes).\n\n - drm/nouveau: bail out of nouveau_channel_new if channel init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) \n\n - drm/panfrost: Remove unused variables in panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC (bsc#1152489) \n\n - drm/sched: Cancel and flush all outstanding jobs before finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity (bsc#1152489) \n\n - drm/tegra: sor: Grab runtime PM reference across reset (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect (bsc#1152472) \n\n - efi: use 32-bit alignment for efi_guid_t literals (git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - epoll: check for events when removing a timed out thread from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec 
(git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all() functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver (git-fixes).\n\n - gianfar: Handle error code at MAC address change (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo Gen 2 (git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter 
unbalance in ssi_hw_init (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race condition (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register() (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null (jsc#SLE-8025).\n\n - iavf: Fix incorrect adapter get in iavf_resume (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011 ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871 ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int' (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485 ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: simplify reset_long_term_buff function (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq* functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: remove 
DCBNL_DEVRESET bit from PF state (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp channel (git-fixes).\n\n - include/linux/sched/mm.h: use rcu_dereference in in_vfork() (git-fixes).\n\n - Input: applespi - do not wait for responses to commands indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in aux_detach_device() 
(bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags (bsc#1167773).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - kbuild: add dummy toolchains to enable all cc-option etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest vendor check (bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. 
VM-Enter, tracepoint Needed as a dependency of 0b40723a827 ('kvm: tracing: Fix unmatched kvm_entry and kvm_exit events', bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask' at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct (bsc#1155518).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit platforms (git-fixes).\n\n - locking/mutex: Fix non debug version of mutex_lock_io_nested() (git-fixes).\n\n - loop-be-paranoid-on-exit-and-prevent-new-additions-r.patch: (bsc#1171295).\n\n - mac80211: choose first enabled channel for monitor (git-fixes).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift (git-fixes).\n\n - media: mceusb: sanity check for prescaler value (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - media: uvcvideo: Allow entities with no pads (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds 
in std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put() (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no card is present (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for pmd_trans_huge when marking page tables prot_numa (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that reside on shared mounts (git-fixes).\n\n - mt76: dma: do not report truncated frames to mac80211 (git-fixes).\n\n - mwifiex: pcie: skip cancel_work_sync() on reset failure path (git-fixes).\n\n - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API (git-fixes).\n\n - net: b44: fix error return code in b44_init_one() (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init() (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe failure (git-fixes).\n\n - net: core: introduce __netdev_notify_peers (bsc#1183871 ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics 
(git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries for host port (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in cpsw_probe() (git-fixes).\n\n - net: fec: Fix phy_device lookup for phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare() in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes).\n\n - net: hns3: Remove the left over redundant check & assignment (bsc#1154353).\n\n - net: korina: cast KSEG0 address to pointer in kfree (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array (git-fixes).\n\n - net: lantiq: Wait for the GPHY firmware to be ready (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on multi port slave device (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for 
overflow (jsc#SLE-8464).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: pasemi: fix error return code in pasemi_mac_open() (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported modes (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in error path of emac_clks_phase1_init (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast (bsc#1183405)\n\n - netsec: restore phy power state after controller reset (bsc#1183757).\n\n - net: spider_net: Fix the size used in a 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues() function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - net: wan/lmc: unregister device when no matching device is found (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation (bsc#1154353).\n\n - nvme: allocate the keep alive request using BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create association (bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails (bsc#1180197).\n\n - 
nvmet-rdma: Fix list_del corruption on queue establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags() (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215 SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064 (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_SET_FUNCTION_MODE capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device handling (git-fixes).\n\n - 
platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1 Tablet Gen 2 (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to change state (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with usage counter (bsc#1183366).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers() (git-fixes).\n\n - PM: runtime: Fix race getting/putting suppliers at probe (git-fixes).\n\n - post.sh: Return an error when module update fails (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in ppc_function_entry() (bsc#1065729).\n\n - powerpc/book3s64/radix: Remove WARN_ON in destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295 git-fixes).\n\n - powerpc/pseries/mobility: handle premature return from H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state (bsc#1181674 ltc#189159 git-fixes bsc#1183662 ltc#191922).\n\n - powerpc/pseries/ras: Remove unused variable 'status' (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr() (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation (bsc#1156395).\n\n - printk: fix deadlock when kernel panic (bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous clk_unprepare() (git-fixes).\n\n - qlcnic: fix error return code in qlcnic_83xx_restart_hw() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id (git-fixes).\n\n - random: fix the 
RNDRESEEDCRNG ioctl (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values (bsc#1152489).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced NUMA nodes (bsc#1169709)\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range (git-fixes).\n\n - Revert 'net: bonding: fix error return code of bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore Added by 3b15cdc15956 (tracing: move function tracer options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION added in 5.12.\n\n - rpm/check-for-config-changes: comment on the list To explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an array So that we can reuse it in both seds. This also introduces IGNORED_CONFIGS_RE array which can be easily extended.\n\n - rpm/check-for-config-changes: define ignores more strictly * search for whole words, so make wildcards explicit * use ' for quoting * prepend CONFIG_ dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: sort the ignores They are growing so to make them searchable by humans.\n\n - rpm/kernel-binary.spec.in: Fix dependency of kernel-*-devel package (bsc#1184514) The devel package requires the kernel binary package itself for building modules externally.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD 
driver unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion (git-fixes).\n\n - s390/vtime: fix increased steal time accounting (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON() (bsc#1184647 ltc#191231).\n\n - scsi: lpfc: Change wording of invalid pci reset log message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt discovery recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry() error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb (bsc#1182574).\n\n - 
scsi: lpfc: Fix vport indices in lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8 changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8 (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg() (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16 bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed (bsc#1155518).\n\n - selinux: fix error initialization in inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in sel_ib_pkey_sid_slow() (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID error handling (git-fixes).\n\n - smb3: add dynamic trace point to trace when credits obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one request in flight (bsc#1181507).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate() (bsc#1183540).\n\n - soc/fsl: qbman: fix conflicting alignment attributes (git-fixes).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks (bsc#1183750).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - thermal/core: Add NULL pointer check before using cooling device stats (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552 bsc#1183598)\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: fix double free on probe failure (git-fixes).\n\n - USB: cdc-acm: fix 
use-after-free after probe failure (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between callback and softint (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960 board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1 (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint max_packet_size by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket (git-fixes).\n\n - USBip: fix stub_dev usbip_sockfd_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf (git-fixes).\n\n - USBip: tools: fix build error for multiple definition (git-fixes).\n\n - USBip: vhci_hcd fix shift out-of-bounds in vhci_hub_control() (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64 (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL LTE modem (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by definition (git-fixes).\n\n - USB: serial: 
ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 0.96 xHCI (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871 ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages() (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task (bsc#1152489).\n\n - x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi is pending (git-fixes).\n\n - 
xen/events: fix setting irq affinity (bsc#1184583).\n\n - xen/events: reset affinity of 2-level event when tearing it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal (git-fixes).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {}, "published": "2021-05-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18814", "CVE-2019-19769", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28375", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-rt", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug", "p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:dlm-kmp-rt", "p-cpe:/a:novell:opensuse:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug", "p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug", 
"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel-rt", "p-cpe:/a:novell:opensuse:kernel-rt", "p-cpe:/a:novell:opensuse:kernel-rt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt-debugsource", "p-cpe:/a:novell:opensuse:kernel-rt-devel", "p-cpe:/a:novell:opensuse:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt-extra", "p-cpe:/a:novell:opensuse:kernel-rt-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug", "p-cpe:/a:novell:opensuse:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-rt_debug-devel", "p-cpe:/a:novell:opensuse:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-rt_debug-extra", "p-cpe:/a:novell:opensuse:kernel-rt_debug-extra-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source-rt", "p-cpe:/a:novell:opensuse:kernel-syms-rt", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug", "p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug", "p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug-debuginfo", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt-debuginfo", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug", "p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug-debuginfo", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-758.NASL", "href": "https://www.tenable.com/plugins/nessus/149892", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-758.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(149892);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2019-18814\",\n \"CVE-2019-19769\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28375\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-758)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-3444: Fixed an issue with the bpf verifier\n which did not properly handle mod32 destination register\n truncation when the source register was known to be 0\n leading to out of bounds read (bsc#1184170).\n\n - CVE-2021-3428: Fixed an integer overflow in\n ext4_es_cache_extent (bsc#1173485).\n\n - CVE-2021-29647: Fixed an issue in qrtr_recvmsg which\n could have allowed attackers to obtain sensitive\n information from kernel memory because of a partially\n uninitialized data structure (bsc#1184192 ).\n\n - CVE-2021-29265: Fixed an issue in usbip_sockfd_store\n which could have allowed attackers to cause a denial of\n service due to race conditions during an update of the\n local and shared status 
(bsc#1184167).\n\n - CVE-2021-29264: Fixed an issue in the Freescale Gianfar\n Ethernet driver which could have allowed attackers to\n cause a system crash due to a calculation of negative\n fragment size (bsc#1184168).\n\n - CVE-2021-28972: Fixed a user-tolerable buffer overflow\n when writing a new device name to the driver from\n userspace, allowing userspace to write data to the\n kernel stack frame directly (bsc#1184198).\n\n - CVE-2021-28971: Fixed an issue in\n intel_pmu_drain_pebs_nhm which could have caused a\n system crash because the PEBS status in a PEBS record\n was mishandled (bsc#1184196).\n\n - CVE-2021-28964: Fixed a race condition in get_old_root\n which could have allowed attackers to cause a denial of\n service (bsc#1184193).\n\n - CVE-2021-28688: Fixed an issue introduced by XSA-365\n (bsc#1183646).\n\n - CVE-2021-28660: Fixed an out of bounds write in\n rtw_wx_set_scan (bsc#1183593).\n\n - CVE-2021-28375: Fixed an issue in\n fastrpc_internal_invoke which did not prevent user\n applications from sending kernel RPC messages\n (bsc#1183596).\n\n - CVE-2021-28038: Fixed an issue with the netback driver\n which was lacking necessary treatment of errors such as\n failed memory allocations (bsc#1183022).\n\n - CVE-2021-27365: Fixed an issue where an unprivileged\n user can send a Netlink message that is associated with\n iSCSI, and has a length up to the maximum length of a\n Netlink message (bsc#1182715).\n\n - CVE-2021-27364: Fixed an issue where an attacker could\n craft Netlink messages (bsc#1182717).\n\n - CVE-2021-27363: Fixed a kernel pointer leak which could\n have been used to determine the address of the\n iscsi_transport structure (bsc#1182716).\n\n - CVE-2020-35519: Fixed an out-of-bounds memory access in\n x25_bind (bsc#1183696).\n\n - CVE-2020-27815: Fixed an issue in the JFS filesystem which\n could have allowed an attacker to execute code\n (bsc#1179454).\n\n - CVE-2020-27171: Fixed an off-by-one error affecting\n 
out-of-bounds speculation on pointer arithmetic, leading\n to side-channel attacks that defeat Spectre mitigations\n and obtain sensitive information from kernel memory\n (bsc#1183775).\n\n - CVE-2020-27170: Fixed potential side-channel attacks\n that defeat Spectre mitigations and obtain sensitive\n information from kernel memory (bsc#1183686).\n\n - CVE-2019-19769: Fixed a use-after-free in the\n perf_trace_lock_acquire function (bsc#1159280).\n\n - CVE-2019-18814: Fixed a use-after-free when\n aa_label_parse() fails in aa_audit_rule_init()\n (bsc#1156256).\n\n - CVE-2020-25670, CVE-2020-25671, CVE-2020-25672,\n CVE-2020-25673: Fixed multiple bugs in NFC subsystem\n (bsc#1178181).\n\n - CVE-2020-36311: Fixed a denial of service (soft lockup)\n by triggering destruction of a large SEV VM\n (bsc#1184511).\n\n - CVE-2021-29154: Fixed incorrect computation of branch\n displacements, allowing arbitrary code execution\n (bsc#1184391).\n\n - CVE-2021-30002: Fixed a memory leak for large arguments\n in video_usercopy (bsc#1184120).\n\n - CVE-2021-3483: Fixed a use-after-free in nosy.c\n (bsc#1184393).\n\n - CVE-2020-36310: Fixed infinite loop for certain nested\n page faults (bsc#1184512).\n\n - CVE-2020-36312: Fixed a memory leak upon a kmalloc\n failure (bsc#1184509).\n\n - CVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h due\n to a retry loop that was continually finding the same bad\n inode (bsc#1184194).\n\nThe following non-security bugs were fixed :\n\n -\n 0007-block-add-docs-for-gendisk-request_queue-refcount-h\n e.patch: (bsc#1171295, git fixes (block drivers)).\n\n -\n 0008-block-revert-back-to-synchronous-request_queue-remo\n v.patch: (bsc#1171295, git fixes (block drivers)).\n\n - 0009-blktrace-fix-debugfs-use-after-free.patch:\n (bsc#1171295, git fixes (block drivers)). 
\n\n - ACPI: bus: Constify is_acpi_node() and friends (part 2)\n (git-fixes).\n\n - ACPICA: Always create namespace nodes using\n acpi_ns_create_node() (git-fixes).\n\n - ACPICA: Enable sleep button on ACPI legacy wake\n (bsc#1181383).\n\n - ACPICA: Fix race in generic_serial_bus (I2C) and GPIO\n op_region parameter handling (git-fixes).\n\n - ACPI: scan: Rearrange memory allocation in\n acpi_device_add() (git-fixes).\n\n - ACPI: video: Add DMI quirk for GIGABYTE GB-BXBT-2807\n (git-fixes).\n\n - ACPI: video: Add missing callback back for Sony\n VPCEH3U1E (git-fixes).\n\n - ALSA: aloop: Fix initialization of controls (git-fixes).\n\n - ALSA: ctxfi: cthw20k2: fix mask on conf to allow 4 bits\n (git-fixes).\n\n - ALSA: hda: Avoid spurious unsol event handling during\n S3/S4 (git-fixes).\n\n - ALSA: hda: Drop the BATCH workaround for AMD controllers\n (git-fixes).\n\n - ALSA: hda: generic: Fix the micmute led init state\n (git-fixes).\n\n - ALSA: hda/hdmi: Cancel pending works before suspend\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Clevo NH55RZQ\n (git-fixes).\n\n - ALSA: hda/realtek: Add quirk for Intel NUC 10\n (git-fixes).\n\n - ALSA: hda/realtek: Apply dual codec quirks for MSI\n Godlike X570 board (git-fixes).\n\n - ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi\n Redmibook Air (git-fixes).\n\n - ALSA: hda/realtek: apply pin quirk for XiaomiNotebook\n Pro (git-fixes).\n\n - ALSA: hda/realtek: Enable headset mic of Acer SWIFT with\n ALC256 (git-fixes).\n\n - ALSA: hda/realtek: fix a determine_headset_type issue\n for a Dell AIO (git-fixes).\n\n - ALSA: hda/realtek: Fix speaker amp setup on Acer Aspire\n E1 (git-fixes).\n\n - ALSA: usb: Add Plantronics C320-M USB ctrl msg delay\n quirk (bsc#1182552).\n\n - ALSA: usb-audio: Allow modifying parameters with\n succeeding hw_params calls (bsc#1182552).\n\n - ALSA: usb-audio: Apply sample rate quirk to Logitech\n Connect (git-fixes).\n\n - ALSA: usb-audio: Apply the control quirk to Plantronics\n 
headsets (bsc#1182552).\n\n - ALSA: usb-audio: Disable USB autosuspend properly in\n setup_disable_autosuspend() (bsc#1182552).\n\n - ALSA: usb-audio: Do not abort even if the clock rate\n differs (bsc#1182552).\n\n - ALSA: usb-audio: Drop bogus dB range in too low level\n (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'cannot get freq eq' errors on Dell\n AE515 sound bar (bsc#1182552).\n\n - ALSA: usb-audio: fix NULL ptr dereference in\n usb_audio_probe (bsc#1182552).\n\n - ALSA: usb-audio: Fix 'RANGE setting not yet supported'\n errors (git-fixes).\n\n - ALSA: usb-audio: fix use after free in\n usb_audio_disconnect (bsc#1182552).\n\n - ALSA: usb-audio: Skip the clock selector inquiry for\n single connections (git-fixes).\n\n - ALSA: usb: Use DIV_ROUND_UP() instead of open-coding it\n (git-fixes).\n\n - amd/amdgpu: Disable VCN DPG mode for Picasso\n (git-fixes).\n\n - apparmor: check/put label on\n apparmor_sk_clone_security() (git-fixes).\n\n - appletalk: Fix skb allocation size in loopback case\n (git-fixes).\n\n - arm64: make STACKPROTECTOR_PER_TASK configurable\n (bsc#1181862).\n\n - ASoC: ak4458: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: ak5558: Add MODULE_DEVICE_TABLE (git-fixes).\n\n - ASoC: cs42l42: Always wait at least 3ms after reset\n (git-fixes).\n\n - ASoC: cs42l42: Do not enable/disable regulator at Bias\n Level (git-fixes).\n\n - ASoC: cs42l42: Fix Bitclock polarity inversion\n (git-fixes).\n\n - ASoC: cs42l42: Fix channel width support (git-fixes).\n\n - ASoC: cs42l42: Fix mixer volume control (git-fixes).\n\n - ASoC: cygnus: fix for_each_child.cocci warnings\n (git-fixes).\n\n - ASoC: es8316: Simplify adc_pga_gain_tlv table\n (git-fixes).\n\n - ASoC: fsl_esai: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: fsl_ssi: Fix TDM slot setup for I2S mode\n (git-fixes).\n\n - ASoC: Intel: Add DMI quirk table to\n soc_intel_is_byt_cr() (git-fixes).\n\n - ASoC: intel: atom: Remove 44100 sample-rate from the\n media and deep-buffer DAI 
descriptions (git-fixes).\n\n - ASoC: intel: atom: Stop advertising non working S24LE\n support (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for ARCHOS Cesium\n 140 (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Acer One\n S1002 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Estar\n Beauty HD MID 7316R tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Add quirk for the Voyo Winpad\n A15 tablet (git-fixes).\n\n - ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX\n OVCD current threshold (git-fixes).\n\n - ASoC: Intel: bytcr_rt5651: Add quirk for the Jumper\n EZpad 7 tablet (git-fixes).\n\n - ASoC: max98373: Added 30ms turn on/off time delay\n (git-fixes).\n\n - ASoC: rt5640: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5651: Fix dac- and adc- vol-tlv values being off\n by a factor of 10 (git-fixes).\n\n - ASoC: rt5670: Add emulated 'DAC1 Playback Switch'\n control (git-fixes).\n\n - ASoC: rt5670: Remove ADC vol-ctrl mute bits poking from\n Sto1 ADC mixer settings (git-fixes).\n\n - ASoC: rt5670: Remove 'HP Playback Switch' control\n (git-fixes).\n\n - ASoC: rt5670: Remove 'OUT Channel Switch' control\n (git-fixes).\n\n - ASoC: sgtl5000: set DAP_AVC_CTRL register to correct\n default value on probe (git-fixes).\n\n - ASoC: simple-card-utils: Do not handle device clock\n (git-fixes).\n\n - ASoC: sunxi: sun4i-codec: fill ASoC card owner\n (git-fixes).\n\n - ASoC: wm8960: Fix wrong bclk and lrclk with pll enabled\n for some chips (git-fixes).\n\n - ath10k: fix wmi mgmt tx queue full due to race condition\n (git-fixes).\n\n - ath10k: hold RCU lock when calling\n ieee80211_find_sta_by_ifaddr() (git-fixes).\n\n - ath9k: fix transmitting to stations in dynamic SMPS mode\n (git-fixes).\n\n - atl1c: fix error return code in atl1c_probe()\n (git-fixes).\n\n - atl1e: fix error return code in atl1e_probe()\n (git-fixes).\n\n - batman-adv: initialize 'struct\n 
batadv_tvlv_tt_vlan_data'->reserved field (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n - binfmt_misc: fix possible deadlock in bm_register_write\n (git-fixes).\n\n -\n blktrace-annotate-required-lock-on-do_blk_trace_setu.pat\n ch: (bsc#1171295).\n\n -\n blktrace-Avoid-sparse-warnings-when-assigning-q-blk_.pat\n ch: (bsc#1171295).\n\n -\n blktrace-break-out-of-blktrace-setup-on-concurrent-c.pat\n ch: (bsc#1171295).\n\n -\n block-clarify-context-for-refcount-increment-helpers.pat\n ch: (bsc#1171295).\n\n - block: rsxx: fix error return code of rsxx_pci_probe()\n (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n amp_read_loc_assoc_final_data (git-fixes).\n\n - Bluetooth: hci_h5: Set HCI_QUIRK_SIMULTANEOUS_DISCOVERY\n for btrtl (git-fixes).\n\n - bnxt_en: reliably allocate IRQ table on reset to avoid\n crash (jsc#SLE-8371 bsc#1153274).\n\n - bpf: Add sanity check for upper ptr_limit (bsc#1183686\n bsc#1183775).\n\n - bpf: Avoid warning when re-casting __bpf_call_base into\n __bpf_call_base_args (bsc#1155518).\n\n - bpf: Declare __bpf_free_used_maps() unconditionally\n (bsc#1155518).\n\n - bpf: Do not do bpf_cgroup_storage_set() for kuprobe/tp\n programs (bsc#1155518).\n\n - bpf: Fix 32 bit src register truncation on div/mod\n (bsc#1184170).\n\n - bpf_lru_list: Read double-checked variable once without\n lock (bsc#1155518).\n\n - bpf: Remove MTU check in __bpf_skb_max_len\n (bsc#1155518).\n\n - bpf: Simplify alu_limit masking for pointer arithmetic\n (bsc#1183686 bsc#1183775).\n\n - bpf,x64: Pad NOPs to make images converge more easily\n (bsc#1178163).\n\n - brcmfmac: Add DMI nvram filename quirk for Predia Basic\n tablet (git-fixes).\n\n - brcmfmac: Add DMI nvram filename quirk for Voyo winpad\n A15 tablet (git-fixes).\n\n - brcmfmac: clear EAP/association status bits on linkdown\n events (git-fixes).\n\n - btrfs: abort the transaction if we fail to inc ref in\n btrfs_copy_root (bsc#1184217).\n\n - btrfs: 
always pin deleted leaves when there are active\n tree mod log users (bsc#1184224).\n\n - btrfs: fix exhaustion of the system chunk array due to\n concurrent allocations (bsc#1183386).\n\n - btrfs: fix extent buffer leak on failure to copy root\n (bsc#1184218).\n\n - btrfs: fix race when cloning extent buffer during rewind\n of an old root (bsc#1184193).\n\n - btrfs: fix stale data exposure after cloning a hole with\n NO_HOLES enabled (bsc#1184220).\n\n - btrfs: fix subvolume/snapshot deletion not triggered on\n mount (bsc#1184219).\n\n - bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD\n (git-fixes).\n\n - bus: ti-sysc: Fix warning on unbind if reset is not\n deasserted (git-fixes).\n\n - can: c_can: move runtime PM enable/disable to\n c_can_platform (git-fixes).\n\n - can: c_can_pci: c_can_pci_remove(): fix use-after-free\n (git-fixes).\n\n - can: flexcan: assert FRZ bit in flexcan_chip_freeze()\n (git-fixes).\n\n - can: flexcan: enable RX FIFO after FRZ/HALT valid\n (git-fixes).\n\n - can: flexcan: flexcan_chip_freeze(): fix chip freeze for\n missing bitrate (git-fixes).\n\n - can: flexcan: invoke flexcan_chip_freeze() to enter\n freeze mode (git-fixes).\n\n - can: m_can: m_can_do_rx_poll(): fix extraneous msg loss\n warning (git-fixes).\n\n - can: peak_usb: add forgotten supported devices\n (git-fixes).\n\n - can: peak_usb: Revert 'can: peak_usb: add forgotten\n supported devices' (git-fixes).\n\n - can: skb: can_skb_set_owner(): fix ref counting if\n socket was closed before setting skb ownership\n (git-fixes).\n\n - cdc-acm: fix BREAK rx code path adding necessary calls\n (git-fixes).\n\n - certs: Fix blacklist flag type confusion (git-fixes).\n\n - cifs: change noisy error message to FYI (bsc#1181507).\n\n - cifs: check pointer before freeing (bsc#1183534).\n\n - cifs_debug: use %pd instead of messing with ->d_name\n (bsc#1181507).\n\n - cifs: do not send close in compound create+close\n requests (bsc#1181507).\n\n - cifs: New optype for session operations 
(bsc#1181507).\n\n - cifs: print MIDs in decimal notation (bsc#1181507).\n\n - cifs: return proper error code in statfs(2)\n (bsc#1181507).\n\n - cifs: Tracepoints and logs for tracing credit changes\n (bsc#1181507).\n\n - clk: fix invalid usage of list cursor in register\n (git-fixes).\n\n - clk: fix invalid usage of list cursor in unregister\n (git-fixes).\n\n - clk: socfpga: fix iomem pointer cast on 64-bit\n (git-fixes).\n\n - completion: Drop init_completion define (git-fixes).\n\n - configfs: fix a use-after-free in __configfs_open_file\n (git-fixes).\n\n - config: net: freescale: change xgmac-mdio to built-in\n References: bsc#1183015,bsc#1182595\n\n - crypto: aesni - prevent misaligned buffers on the stack\n (git-fixes).\n\n - crypto: arm64/sha - add missing module aliases\n (git-fixes).\n\n - crypto: bcm - Rename struct device_private to\n bcm_device_private (git-fixes).\n\n - crypto: Kconfig - CRYPTO_MANAGER_EXTRA_TESTS requires\n the manager (git-fixes).\n\n - crypto: tcrypt - avoid signed overflow in byte count\n (git-fixes).\n\n - Delete\n patches.suse/sched-Reenable-interrupts-in-do_sched_yield\n .patch (bsc#1183530) \n\n - drivers/misc/vmw_vmci: restrict too big queue size in\n qp_host_alloc_queue (git-fixes).\n\n - drivers: video: fbcon: fix NULL dereference in\n fbcon_cursor() (git-fixes).\n\n - drm/amd/display: Guard against NULL pointer deref when\n get_i2c_info fails (git-fixes).\n\n - drm/amdgpu: Add check to prevent IH overflow\n (git-fixes).\n\n - drm/amdgpu: check alignment on CPU page for bo map\n (git-fixes).\n\n - drm/amdgpu: fix offset calculation in\n amdgpu_vm_bo_clear_mappings() (git-fixes).\n\n - drm/amdgpu: fix parameter error of RREG32_PCIE() in\n amdgpu_regs_pcie (git-fixes).\n\n - drm/amdkfd: Put ACPI table after using it (bsc#1152489)\n Backporting notes: 	* context changes\n\n - drm/amd/powerplay: fix spelling mistake\n 'smu_state_memroy_block' -> (bsc#1152489) Backporting\n notes: 	* rename amd/pm to amd/powerplay 	*\n context 
changes\n\n - drm/compat: Clear bounce structures (git-fixes).\n\n - drm/hisilicon: Fix use-after-free (git-fixes).\n\n - drm/i915: Fix invalid access to ACPI _DSM objects\n (bsc#1184074).\n\n - drm/i915: Reject 446-480MHz HDMI clock on GLK\n (git-fixes).\n\n - drm/mediatek: Fix aal size config (bsc#1152489) \n\n - drm: meson_drv add shutdown function (git-fixes).\n\n - drm/msm/a5xx: Remove overwriting A5XX_PC_DBG_ECO_CNTL\n register (git-fixes).\n\n - drm/msm/adreno: a5xx_power: Do not apply A540 lm_setup\n to other GPUs (git-fixes).\n\n - drm/msm/dsi: Correct io_start for MSM8994 (20nm PHY)\n (git-fixes).\n\n - drm/msm: Fix races managing the OOB state for timestamp\n vs (bsc#1152489) \n\n - drm/msm: fix shutdown hook in case GPU components failed\n to bind (git-fixes).\n\n - drm/msm: Fix use-after-free in msm_gem with carveout\n (bsc#1152489) \n\n - drm/msm: Fix WARN_ON() splat in _free_object()\n (bsc#1152489) \n\n - drm/msm/gem: Add obj->lock wrappers (bsc#1152489) \n\n - drm/msm: Ratelimit invalid-fence message (git-fixes).\n\n - drm/msm: Set drvdata to NULL when msm_drm_init() fails\n (git-fixes).\n\n - drm/nouveau: bail out of nouveau_channel_new if channel\n init fails (bsc#1152489) \n\n - drm/nouveau/kms: handle mDP connectors (git-fixes).\n\n - drm/panfrost: Do not corrupt the queue mutex on\n open/close (bsc#1152472) \n\n - drm/panfrost: Fix job timeout handling (bsc#1152472) \n\n - drm/panfrost: Remove unused variables in\n panfrost_job_close() (bsc#1152472)\n\n - drm/radeon: fix AGP dependency (git-fixes).\n\n - drm: rcar-du: Fix crash when using LVDS1 clock for CRTC\n (bsc#1152489) \n\n - drm/sched: Cancel and flush all outstanding jobs before\n finish (git-fixes).\n\n - drm/sun4i: tcon: fix inverted DCLK polarity\n (bsc#1152489) \n\n - drm/tegra: sor: Grab runtime PM reference across reset\n (git-fixes).\n\n - drm/vc4: hdmi: Restore cec physical address on reconnect\n (bsc#1152472) \n\n - efi: use 32-bit alignment for efi_guid_t literals\n 
(git-fixes).\n\n - enetc: Fix reporting of h/w packet counters (git-fixes).\n\n - epoll: check for events when removing a timed out thread\n from the wait queue (git-fixes).\n\n - ethernet: alx: fix order of calls on resume (git-fixes).\n\n - exec: Move would_dump into flush_old_exec (git-fixes).\n\n - exfat: add missing MODULE_ALIAS_FS() (bsc#1182989).\n\n - exfat: add the dummy mount options to be backward\n compatible with staging/exfat (bsc#1182989).\n\n - extcon: Add stubs for extcon_register_notifier_all()\n functions (git-fixes).\n\n - extcon: Fix error handling in extcon_dev_register\n (git-fixes).\n\n - fbdev: aty: SPARC64 requires FB_ATY_CT (git-fixes).\n\n - firmware/efi: Fix a use after bug in\n efi_mem_reserve_persistent (git-fixes).\n\n - flow_dissector: fix byteorder of dissected ICMP ID\n (bsc#1154353).\n\n - fsl/fman: check dereferencing NULL pointer (git-fixes).\n\n - fsl/fman: fix dereference null return value (git-fixes).\n\n - fsl/fman: fix eth hash table allocation (git-fixes).\n\n - fsl/fman: fix unreachable code (git-fixes).\n\n - fsl/fman: use 32-bit unsigned integer (git-fixes).\n\n - fuse: fix bad inode (bsc#1184211).\n\n - fuse: fix live lock in fuse_iget() (bsc#1184211).\n\n - fuse: verify write return (git-fixes).\n\n - gcc-plugins: drop support for GCC <= 4.7 (bcs#1181862).\n\n - gcc-plugins: make it possible to disable\n CONFIG_GCC_PLUGINS again (bcs#1181862).\n\n - gcc-plugins: simplify GCC plugin-dev capability test\n (bsc#1181862).\n\n - gianfar: Account for Tx PTP timestamp in the skb\n headroom (git-fixes).\n\n - gianfar: Fix TX timestamping with a stacked DSA driver\n (git-fixes).\n\n - gianfar: Handle error code at MAC address change\n (git-fixes).\n\n - gianfar: Replace skb_realloc_headroom with skb_cow_head\n for PTP (git-fixes).\n\n - Goodix Fingerprint device is not a modem (git-fixes).\n\n - gpiolib: acpi: Add missing IRQF_ONESHOT (git-fixes).\n\n - gpio: pca953x: Set IRQ type when handle Intel Galileo\n Gen 2 
(git-fixes).\n\n - gpio: zynq: fix reference leak in zynq_gpio functions\n (git-fixes).\n\n - HID: i2c-hid: Add I2C_HID_QUIRK_NO_IRQ_AFTER_RESET for\n ITE8568 EC on Voyo Winpad A15 (git-fixes).\n\n - HID: mf: add support for 0079:1846 Mayflash/Dragonrise\n USB Gamecube Adapter (git-fixes).\n\n - HSI: Fix PM usage counter unbalance in ssi_hw_init\n (git-fixes).\n\n - hwmon: (ina3221) Fix PM usage counter unbalance in\n ina3221_write_enable (git-fixes).\n\n - i2c: rcar: faster irq code to minimize HW race condition\n (git-fixes).\n\n - i2c: rcar: optimize cacheline to minimize HW race\n condition (git-fixes).\n\n - i40e: Fix parameters in aq_get_phy_register()\n (jsc#SLE-8025).\n\n - i40e: Fix sparse error: 'vsi->netdev' could be null\n (jsc#SLE-8025).\n\n - iavf: Fix incorrect adapter get in iavf_resume\n (git-fixes).\n\n - iavf: use generic power management (git-fixes).\n\n - ibmvnic: add comments for spinlock_t definitions\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: always store valid MAC address (bsc#1182011\n ltc#191844).\n\n - ibmvnic: avoid multiple line dereference (bsc#1183871\n ltc#192139).\n\n - ibmvnic: fix block comments (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix braces (bsc#1183871 ltc#192139).\n\n - ibmvnic: fix miscellaneous checks (bsc#1183871\n ltc#192139).\n\n - ibmvnic: Fix possibly uninitialized old_num_tx_queues\n variable warning (jsc#SLE-17268).\n\n - ibmvnic: merge do_change_param_reset into do_reset\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: prefer strscpy over strlcpy (bsc#1183871\n ltc#192139).\n\n - ibmvnic: prefer 'unsigned long' over 'unsigned long int'\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove excessive irqsave (bsc#1182485\n ltc#191591).\n\n - ibmvnic: remove unnecessary rmb() inside ibmvnic_poll\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: remove unused spinlock_t stats_lock definition\n (bsc#1183871 ltc#192139).\n\n - ibmvnic: rework to ensure SCRQ entry reads are properly\n ordered (bsc#1183871 ltc#192139).\n\n - ibmvnic: 
simplify reset_long_term_buff function\n (bsc#1183023 ltc#191791).\n\n - ibmvnic: substitute mb() with dma_wmb() for send_*crq*\n functions (bsc#1183023 ltc#191791).\n\n - ice: fix memory leak if register_netdev_fails\n (git-fixes).\n\n - ice: fix memory leak in ice_vsi_setup (git-fixes).\n\n - ice: Fix state bits on LLDP mode switch (jsc#SLE-7926).\n\n - ice: remove DCBNL_DEVRESET bit from PF state\n (jsc#SLE-7926).\n\n - ice: renegotiate link after FW DCB on (jsc#SLE-8464).\n\n - ice: report correct max number of TCs (jsc#SLE-7926).\n\n - ice: update the number of available RSS queues\n (jsc#SLE-7926).\n\n - igc: Fix igc_ptp_rx_pktstamp() (bsc#1160634).\n\n - iio: adc: ad7949: fix wrong ADC result due to incorrect\n bit mask (git-fixes).\n\n - iio:adc:qcom-spmi-vadc: add default scale to\n LR_MUX2_BAT_ID channel (git-fixes).\n\n - iio: adis16400: Fix an error code in\n adis16400_initial_setup() (git-fixes).\n\n - iio: gyro: mpu3050: Fix error handling in\n mpu3050_trigger_handler (git-fixes).\n\n - iio: hid-sensor-humidity: Fix alignment issue of\n timestamp channel (git-fixes).\n\n - iio: hid-sensor-prox: Fix scale not correct issue\n (git-fixes).\n\n - iio: hid-sensor-temperature: Fix issues of timestamp\n channel (git-fixes).\n\n - include/linux/sched/mm.h: use rcu_dereference in\n in_vfork() (git-fixes).\n\n - Input: applespi - do not wait for responses to commands\n indefinitely (git-fixes).\n\n - Input: elantech - fix protocol errors for some\n trackpoints in SMBus mode (git-fixes).\n\n - Input: i8042 - add ASUS Zenbook Flip to noselftest list\n (git-fixes).\n\n - Input: raydium_ts_i2c - do not send zero length\n (git-fixes).\n\n - Input: xpad - add support for PowerA Enhanced Wired\n Controller for Xbox Series X|S (git-fixes).\n\n - iommu/amd: Fix sleeping in atomic in\n increase_address_space() (bsc#1183277).\n\n - iommu/intel: Fix memleak in intel_irq_remapping_alloc\n (bsc#1183278).\n\n - iommu/qcom: add missing put_device() call in\n 
qcom_iommu_of_xlate() (bsc#1183637).\n\n - iommu/vt-d: Add get_domain_info() helper (bsc#1183279).\n\n - iommu/vt-d: Avoid panic if iommu init fails in tboot\n system (bsc#1183280).\n\n - iommu/vt-d: Correctly check addr alignment in\n qi_flush_dev_iotlb_pasid() (bsc#1183281).\n\n - iommu/vt-d: Do not use flush-queue when caching-mode is\n on (bsc#1183282).\n\n - iommu/vt-d: Fix general protection fault in\n aux_detach_device() (bsc#1183283).\n\n - iommu/vt-d: Fix ineffective devTLB invalidation for\n subdevices (bsc#1183284).\n\n - iommu/vt-d: Fix unaligned addresses for\n intel_flush_svm_range_dev() (bsc#1183285).\n\n - iommu/vt-d: Move intel_iommu info from struct intel_svm\n to struct intel_svm_dev (bsc#1183286).\n\n - ionic: linearize tso skb with too many frags\n (bsc#1167773).\n\n - kABI: powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - kbuild: add dummy toolchains to enable all cc-option\n etc. in Kconfig (bcs#1181862).\n\n - kbuild: change *FLAGS_<basetarget>.o to take the path\n relative to $(obj) (bcs#1181862).\n\n - kbuild: dummy-tools, fix inverted tests for gcc\n (bcs#1181862).\n\n - kbuild: dummy-tools, support MPROFILE_KERNEL checks for\n ppc (bsc#1181862).\n\n - kbuild: Fail if gold linker is detected (bcs#1181862).\n\n - kbuild: improve cc-option to clean up all temporary\n files (bsc#1178330).\n\n - kbuild: include scripts/Makefile.* only when relevant\n CONFIG is enabled (bcs#1181862).\n\n - kbuild: simplify GCC_PLUGINS enablement in\n dummy-tools/gcc (bcs#1181862).\n\n - kbuild: stop filtering out $(GCC_PLUGINS_CFLAGS) from\n cc-option base (bcs#1181862).\n\n - kbuild: use -S instead of -E for precise cc-option test\n in Kconfig (bsc#1178330).\n\n - kconfig: introduce m32-flag and m64-flag (bcs#1181862).\n\n - KVM: nVMX: Properly handle userspace interrupt window\n request (bsc#1183427).\n\n - KVM: SVM: Clear the CR4 register on reset (bsc#1183252).\n\n - KVM: x86: Add helpers to perform CPUID-based guest\n vendor check 
(bsc#1183445). \n\n - KVM: x86: Add RIP to the kvm_entry, i.e. VM-Enter,\n tracepoint Needed as a dependency of 0b40723a827 ('kvm:\n tracing: Fix unmatched kvm_entry and kvm_exit events',\n bsc#1182770).\n\n - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if\n tsx=off (bsc#1183287).\n\n - KVM: x86: do not reset microcode version on INIT or\n RESET (bsc#1183412).\n\n - KVM x86: Extend AMD specific guest behavior to Hygon\n virtual CPUs (bsc#1183447).\n\n - KVM: x86: list MSR_IA32_UCODE_REV as an emulated MSR\n (bsc#1183369).\n\n - KVM: x86: Return -E2BIG when KVM_GET_SUPPORTED_CPUID\n hits max entries (bsc#1183428).\n\n - KVM: x86: Set so called 'reserved CR3 bits in LM mask'\n at vCPU reset (bsc#1183288).\n\n - libbpf: Clear map_info before each\n bpf_obj_get_info_by_fd (bsc#1155518).\n\n - libbpf: Fix BTF dump of pointer-to-array-of-struct\n (bsc#1155518).\n\n - libbpf: Fix INSTALL flag order (bsc#1155518).\n\n - libbpf: Use SOCK_CLOEXEC when opening the netlink socket\n (bsc#1155518).\n\n - lib/syscall: fix syscall registers retrieval on 32-bit\n platforms (git-fixes).\n\n - locking/mutex: Fix non debug version of\n mutex_lock_io_nested() (git-fixes).\n\n -\n loop-be-paranoid-on-exit-and-prevent-new-additions-r.pat\n ch: (bsc#1171295).\n\n - mac80211: choose first enabled channel for monitor\n (git-fixes).\n\n - mac80211: fix double free in ibss_leave (git-fixes).\n\n - mac80211: fix rate mask reset (git-fixes).\n\n - mac80211: fix TXQ AC confusion (git-fixes).\n\n - mdio: fix mdio-thunder.c dependency & build error\n (git-fixes).\n\n - media: cros-ec-cec: do not bail on device_init_wakeup\n failure (git-fixes).\n\n - media: cx23885: add more quirks for reset DMA on some\n AMD IOMMU (git-fixes).\n\n - media: mceusb: Fix potential out-of-bounds shift\n (git-fixes).\n\n - media: mceusb: sanity check for prescaler value\n (git-fixes).\n\n - media: rc: compile rc-cec.c into rc-core (git-fixes).\n\n - media: usbtv: Fix deadlock on suspend (git-fixes).\n\n - 
media: uvcvideo: Allow entities with no pads\n (git-fixes).\n\n - media: v4l2-ctrls.c: fix shift-out-of-bounds in\n std_validate (git-fixes).\n\n - media: v4l: vsp1: Fix bru NULL pointer access\n (git-fixes).\n\n - media: v4l: vsp1: Fix uif NULL pointer access\n (git-fixes).\n\n - media: vicodec: add missing v4l2_ctrl_request_hdl_put()\n (git-fixes).\n\n - misc: eeprom_93xx46: Add quirk to support Microchip\n 93LC46B eeprom (git-fixes).\n\n - misc: fastrpc: restrict user apps from sending kernel\n RPC messages (git-fixes).\n\n - misc/pvpanic: Export module FDT device table\n (git-fixes).\n\n - misc: rtsx: init of rts522a add OCP power off when no\n card is present (git-fixes).\n\n - mISDN: fix crash in fritzpci (git-fixes).\n\n - mmc: core: Fix partition switch time for eMMC\n (git-fixes).\n\n - mmc: cqhci: Fix random crash when remove mmc module/card\n (git-fixes).\n\n - mmc: mxs-mmc: Fix a resource leak in an error handling\n path in 'mxs_mmc_probe()' (git-fixes).\n\n - mmc: sdhci-esdhc-imx: fix kernel panic when remove\n module (git-fixes).\n\n - mmc: sdhci-of-dwcmshc: set\n SDHCI_QUIRK2_PRESET_VALUE_BROKEN (git-fixes).\n\n - mm: hugetlbfs: fix cannot migrate the fallocated HugeTLB\n page (git-fixes).\n\n - mm, numa: fix bad pmd by atomically check for\n pmd_trans_huge when marking page tables prot_numa\n (bsc#1168777).\n\n - mount: fix mounting of detached mounts onto targets that\n reside on shared mounts (git-fixes).\n\n - mt76: dma: do not report truncated frames to mac80211\n (git-fixes).\n\n - mwifiex: pcie: skip cancel_work_sync() on reset failure\n path (git-fixes).\n\n - net: arc_emac: Fix memleak in arc_mdio_probe\n (git-fixes).\n\n - net: atheros: switch from 'pci_' to 'dma_' API\n (git-fixes).\n\n - net: b44: fix error return code in b44_init_one()\n (git-fixes).\n\n - net: bonding: fix error return code of bond_neigh_init()\n (bsc#1154353).\n\n - net: cdc-phonet: fix data-interface release on probe\n failure (git-fixes).\n\n - net: core: introduce 
__netdev_notify_peers (bsc#1183871\n ltc#192139).\n\n - netdevsim: init u64 stats for 32bit hardware\n (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN semantics (git-fixes).\n\n - net: dsa: rtl8366: Fix VLAN set-up (git-fixes).\n\n - net: dsa: rtl8366rb: Support all 4096 VLANs (git-fixes).\n\n - net: enic: Cure the enic api locking trainwreck\n (git-fixes).\n\n - net: ethernet: aquantia: Fix wrong return value\n (git-fixes).\n\n - net: ethernet: cavium: octeon_mgmt: use phy_start and\n phy_stop (git-fixes).\n\n - net: ethernet: ibm: ibmvnic: Fix some kernel-doc\n misdemeanours (bsc#1183871 ltc#192139).\n\n - net: ethernet: ti: cpsw: fix clean up of vlan mc entries\n for host port (git-fixes).\n\n - net: ethernet: ti: cpsw: fix error return code in\n cpsw_probe() (git-fixes).\n\n - net: fec: Fix phy_device lookup for\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix PHY init after\n phy_reset_after_clk_enable() (git-fixes).\n\n - net: fec: Fix reference count leak in fec series ops\n (git-fixes).\n\n - net: gemini: Fix another missing clk_disable_unprepare()\n in probe (git-fixes).\n\n - net: gemini: Fix missing free_netdev() in error path of\n gemini_ethernet_port_probe() (git-fixes).\n\n - net: gianfar: Add of_node_put() before goto statement\n (git-fixes).\n\n - net: hdlc: In hdlc_rcv, check to make sure dev is an\n HDLC device (git-fixes).\n\n - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag\n after calling ether_setup (git-fixes).\n\n - net: hns3: Remove the left over redundant check &\n assignment (bsc#1154353).\n\n - net: korina: cast KSEG0 address to pointer in kfree\n (git-fixes).\n\n - net: korina: fix kfree of rx/tx descriptor array\n (git-fixes).\n\n - net: lantiq: Wait for the GPHY firmware to be ready\n (git-fixes).\n\n - net/mlx5: Disable devlink reload for lag devices\n (jsc#SLE-8464).\n\n - net/mlx5: Disable devlink reload for multi port slave\n device (jsc#SLE-8464).\n\n - net/mlx5: Disallow RoCE on lag device (jsc#SLE-8464).\n\n 
- net/mlx5: Disallow RoCE on multi port slave device\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation division\n (jsc#SLE-8464).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net/mlx5: Fix PPLM register mapping (jsc#SLE-8464).\n\n - net: mvneta: fix double free of txq->buf (git-fixes).\n\n - net: mvneta: make tx buffer array agnostic (git-fixes).\n\n - net: pasemi: fix error return code in pasemi_mac_open()\n (git-fixes).\n\n - net: phy: broadcom: Only advertise EEE for supported\n modes (git-fixes).\n\n - net: qcom/emac: add missed clk_disable_unprepare in\n error path of emac_clks_phase1_init (git-fixes).\n\n - net: qualcomm: rmnet: Fix incorrect receive packet\n handling during cleanup (git-fixes).\n\n - net: sched: disable TCQ_F_NOLOCK for pfifo_fast\n (bsc#1183405)\n\n - netsec: restore phy power state after controller reset\n (bsc#1183757).\n\n - net: spider_net: Fix the size used in a\n 'dma_free_coherent()' call (git-fixes).\n\n - net: stmmac: Fix incorrect location to set\n real_num_rx|tx_queues (git-fixes).\n\n - net: stmmac: removed enabling eee in EEE set callback\n (git-fixes).\n\n - net: stmmac: use netif_tx_start|stop_all_queues()\n function (git-fixes).\n\n - net: stmmac: Use rtnl_lock/unlock on\n netif_set_real_num_rx_queues() call (git-fixes).\n\n - net: usb: ax88179_178a: fix missing stop entry in\n driver_info (git-fixes).\n\n - net: usb: qmi_wwan: allow qmimux add/del with master up\n (git-fixes).\n\n - net: usb: qmi_wwan: support ZTE P685M modem (git-fixes).\n\n - net: wan/lmc: unregister device when no matching device\n is found (git-fixes).\n\n - nfp: flower: fix pre_tun mask id allocation\n (bsc#1154353).\n\n - nvme: allocate the keep alive request using\n BLK_MQ_REQ_NOWAIT (bsc#1182077).\n\n - nvme-fabrics: fix kato initialization (bsc#1182591).\n\n - nvme-fabrics: only reserve a single tag (bsc#1182077).\n\n - nvme-fc: fix racing controller reset and create\n association 
(bsc#1183048).\n\n - nvme-hwmon: Return error code when registration fails\n (bsc#1177326).\n\n - nvme: merge nvme_keep_alive into nvme_keep_alive_work\n (bsc#1182077).\n\n - nvme: return an error if nvme_set_queue_count() fails\n (bsc#1180197).\n\n - nvmet-rdma: Fix list_del corruption on queue\n establishment failure (bsc#1183501).\n\n - objtool: Fix '.cold' section suffix check for newer\n versions of GCC (bsc#1169514).\n\n - objtool: Fix error handling for STD/CLD warnings\n (bsc#1169514).\n\n - objtool: Fix retpoline detection in asm code\n (bsc#1169514).\n\n - ovl: fix dentry leak in ovl_get_redirect (bsc#1184176).\n\n - ovl: fix out of date comment and unreachable code\n (bsc#1184176).\n\n - ovl: fix regression with re-formatted lower squashfs\n (bsc#1184176).\n\n - ovl: fix unneeded call to ovl_change_flags()\n (bsc#1184176).\n\n - ovl: fix value of i_ino for lower hardlink corner case\n (bsc#1184176).\n\n - ovl: initialize error in ovl_copy_xattr (bsc#1184176).\n\n - ovl: relax WARN_ON() when decoding lower directory file\n handle (bsc#1184176).\n\n - PCI: Add a REBAR size quirk for Sapphire RX 5600 XT\n Pulse (git-fixes).\n\n - PCI: Add function 1 DMA alias quirk for Marvell 9215\n SATA controller (git-fixes).\n\n - PCI: Align checking of syscall user config accessors\n (git-fixes).\n\n - PCI: Decline to resize resources if boot config must be\n preserved (git-fixes).\n\n - PCI: Fix pci_register_io_range() memory leak\n (git-fixes).\n\n - PCI: mediatek: Add missing of_node_put() to fix\n reference leak (git-fixes).\n\n - PCI: qcom: Use PHY_REFCLK_USE_PAD only for ipq8064\n (git-fixes).\n\n - PCI: xgene-msi: Fix race in installing chained irq\n handler (git-fixes).\n\n - pinctrl: rockchip: fix restore error in resume\n (git-fixes).\n\n - Platform: OLPC: Fix probe error handling (git-fixes).\n\n - platform/x86: acer-wmi: Add ACER_CAP_KBD_DOCK quirk for\n the Aspire Switch 10E SW3-016 (git-fixes).\n\n - platform/x86: acer-wmi: Add 
ACER_CAP_SET_FUNCTION_MODE\n capability flag (git-fixes).\n\n - platform/x86: acer-wmi: Add new force_caps module\n parameter (git-fixes).\n\n - platform/x86: acer-wmi: Add support for SW_TABLET_MODE\n on Switch devices (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup accelerometer device\n handling (git-fixes).\n\n - platform/x86: acer-wmi: Cleanup ACER_CAP_FOO defines\n (git-fixes).\n\n - platform/x86: intel-hid: Support Lenovo ThinkPad X1\n Tablet Gen 2 (git-fixes).\n\n - platform/x86: intel-vbtn: Stop reporting SW_DOCK events\n (git-fixes).\n\n - platform/x86: thinkpad_acpi: Allow the FnLock LED to\n change state (git-fixes).\n\n - PM: EM: postpone creating the debugfs dir till\n fs_initcall (git-fixes).\n\n - PM: runtime: Add pm_runtime_resume_and_get to deal with\n usage counter (bsc#1183366).\n\n - PM: runtime: Fix ordering in pm_runtime_get_suppliers()\n (git-fixes).\n\n - PM: runtime: Fix race getting/putting suppliers at probe\n (git-fixes).\n\n - post.sh: Return an error when module update fails\n (bsc#1047233 bsc#1184388).\n\n - powerpc/64s: Fix instruction encoding for lis in\n ppc_function_entry() (bsc#1065729).\n\n - powerpc/book3s64/radix: Remove WARN_ON in\n destroy_context() (bsc#1183692 ltc#191963).\n\n - powerpc/pmem: Include pmem prototypes (bsc#1113295\n git-fixes).\n\n - powerpc/pseries/mobility: handle premature return from\n H_JOIN (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/mobility: use struct for shared state\n (bsc#1181674 ltc#189159 git-fixes bsc#1183662\n ltc#191922).\n\n - powerpc/pseries/ras: Remove unused variable 'status'\n (bsc#1065729).\n\n - powerpc/sstep: Check instruction validity against ISA\n version before emulation (bsc#1156395).\n\n - powerpc/sstep: Fix darn emulation (bsc#1156395).\n\n - powerpc/sstep: Fix incorrect return from analyze_instr()\n (bsc#1156395).\n\n - powerpc/sstep: Fix load-store and update emulation\n (bsc#1156395).\n\n - printk: fix deadlock when kernel panic 
(bsc#1183018).\n\n - proc: fix lookup in /proc/net subdirectories after\n setns(2) (git-fixes).\n\n - pwm: rockchip: rockchip_pwm_probe(): Remove superfluous\n clk_unprepare() (git-fixes).\n\n - qlcnic: fix error return code in\n qlcnic_83xx_restart_hw() (git-fixes).\n\n - qxl: Fix uninitialised struct field head.surface_id\n (git-fixes).\n\n - random: fix the RNDRESEEDCRNG ioctl (git-fixes).\n\n - RAS/CEC: Correct ce_add_elem()'s returned values\n (bsc#1152489).\n\n - RDMA/hns: Disable RQ inline by default (jsc#SLE-8449).\n\n - RDMA/hns: Fix type of sq_signal_bits (jsc#SLE-8449).\n\n - RDMA/srp: Fix support for unpopulated and unbalanced\n NUMA nodes (bsc#1169709)\n\n - regulator: bd9571mwv: Fix AVS and DVFS voltage range\n (git-fixes).\n\n - Revert 'net: bonding: fix error return code of\n bond_neigh_init()' (bsc#1154353).\n\n - rpadlpar: fix potential drc_name corruption in store\n functions (bsc#1183416 ltc#191079).\n\n - rpm/check-for-config-changes: add -mrecord-mcount ignore\n Added by 3b15cdc15956 (tracing: move function tracer\n options to Kconfig) upstream.\n\n - rpm/check-for-config-changes: Also ignore AS_VERSION\n added in 5.12.\n\n - rpm/check-for-config-changes: comment on the list To\n explain what it actually is.\n\n - rpm/check-for-config-changes: declare sed args as an\n array So that we can reuse it in both seds. 
This also\n introduces IGNORED_CONFIGS_RE array which can be easily\n extended.\n\n - rpm/check-for-config-changes: define ignores more\n strictly * search for whole words, so make wildcards\n explicit * use ' for quoting * prepend CONFIG_\n dynamically, so it need not be in the list\n\n - rpm/check-for-config-changes: sort the ignores They are\n growing so to make them searchable by humans.\n\n - rpm/kernel-binary.spec.in: Fix dependency of\n kernel-*-devel package (bsc#1184514) The devel package\n requires the kernel binary package itself for building\n modules externally.\n\n - rsi: Fix TX EAPOL packet handling against iwlwifi AP\n (git-fixes).\n\n - rsi: Move card interrupt handling to RX thread\n (git-fixes).\n\n - rsxx: Return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/cio: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/crypto: return -EFAULT if copy_to_user() fails\n (git-fixes).\n\n - s390/dasd: fix hanging IO request during DASD driver\n unbind (git-fixes).\n\n - s390/qeth: fix memory leak after failed TX Buffer\n allocation (git-fixes).\n\n - s390/qeth: fix notification for pending buffers during\n teardown (git-fixes).\n\n - s390/qeth: improve completion of pending TX buffers\n (git-fixes).\n\n - s390/qeth: schedule TX NAPI on QAOB completion\n (git-fixes).\n\n - s390/vtime: fix increased steal time accounting\n (bsc#1183859).\n\n - samples, bpf: Add missing munmap in xdpsock\n (bsc#1155518).\n\n - scsi: ibmvfc: Fix invalid state machine BUG_ON()\n (bsc#1184647 ltc#191231).\n\n - scsi: lpfc: Change wording of invalid pci reset log\n message (bsc#1182574).\n\n - scsi: lpfc: Correct function header comments related to\n ndlp reference counting (bsc#1182574).\n\n - scsi: lpfc: Fix ADISC handling that never frees nodes\n (bsc#1182574).\n\n - scsi: lpfc: Fix crash caused by switch reboot\n (bsc#1182574).\n\n - scsi: lpfc: Fix dropped FLOGI during pt2pt 
discovery\n recovery (bsc#1182574).\n\n - scsi: lpfc: Fix FLOGI failure due to accessing a freed\n node (bsc#1182574).\n\n - scsi: lpfc: Fix incorrect dbde assignment when building\n target abts wqe (bsc#1182574).\n\n - scsi: lpfc: Fix lpfc_els_retry() possible NULL pointer\n dereference (bsc#1182574).\n\n - scsi: lpfc: Fix nodeinfo debugfs output (bsc#1182574).\n\n - scsi: lpfc: Fix NULL pointer dereference in\n lpfc_prep_els_iocb() (bsc#1182574).\n\n - scsi: lpfc: Fix PLOGI ACC to be transmit after REG_LOGIN\n (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt connection does not recover after\n LOGO (bsc#1182574).\n\n - scsi: lpfc: Fix pt2pt state transition causing rmmod\n hang (bsc#1182574).\n\n - scsi: lpfc: Fix reftag generation sizing errors\n (bsc#1182574).\n\n - scsi: lpfc: Fix stale node accesses on stale RRQ request\n (bsc#1182574).\n\n - scsi: lpfc: Fix status returned in lpfc_els_retry()\n error exit path (bsc#1182574).\n\n - scsi: lpfc: Fix unnecessary null check in\n lpfc_release_scsi_buf (bsc#1182574).\n\n - scsi: lpfc: Fix use after free in lpfc_els_free_iocb\n (bsc#1182574).\n\n - scsi: lpfc: Fix vport indices in\n lpfc_find_vport_by_vpid() (bsc#1182574).\n\n - scsi: lpfc: Reduce LOG_TRACE_EVENT logging for vports\n (bsc#1182574).\n\n - scsi: lpfc: Update copyrights for 12.8.0.7 and 12.8.0.8\n changes (bsc#1182574).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.8\n (bsc#1182574).\n\n - scsi: target: pscsi: Avoid OOM in pscsi_map_sg()\n (bsc#1183843).\n\n - scsi: target: pscsi: Clean up after failure in\n pscsi_map_sg() (bsc#1183843).\n\n - selftests/bpf: Mask bpf_csum_diff() return value to 16\n bits in test_verifier (bsc#1155518).\n\n - selftests/bpf: No need to drop the packet when there is\n no geneve opt (bsc#1155518).\n\n - selftests/bpf: Set gopt opt_class to 0 if get tunnel opt\n failed (bsc#1155518).\n\n - selinux: fix error initialization in\n inode_doinit_with_dentry() (git-fixes).\n\n - selinux: Fix error return code in 
sel_ib_pkey_sid_slow()\n (git-fixes).\n\n - selinux: fix inode_doinit_with_dentry() LABEL_INVALID\n error handling (git-fixes).\n\n - smb3: add dynamic trace point to trace when credits\n obtained (bsc#1181507).\n\n - smb3: fix crediting for compounding when only one\n request in flight (bsc#1181507).\n\n - smb3: Fix out-of-bounds bug in SMB2_negotiate()\n (bsc#1183540).\n\n - soc/fsl: qbman: fix conflicting alignment attributes\n (git-fixes).\n\n - software node: Fix node registration (git-fixes).\n\n - spi: stm32: make spurious and overrun interrupts visible\n (git-fixes).\n\n - squashfs: fix inode lookup sanity checks (bsc#1183750).\n\n - squashfs: fix xattr id and id lookup sanity checks\n (bsc#1183750).\n\n - stop_machine: mark helpers __always_inline (git-fixes).\n\n - thermal/core: Add NULL pointer check before using\n cooling device stats (git-fixes).\n\n - udlfb: Fix memory leak in dlfb_usb_probe (git-fixes).\n\n - Update bug reference for USB-audio fixes (bsc#1182552\n bsc#1183598)\n\n - USB: cdc-acm: downgrade message to debug (git-fixes).\n\n - USB: cdc-acm: fix double free on probe failure\n (git-fixes).\n\n - USB: cdc-acm: fix use-after-free after probe failure\n (git-fixes).\n\n - USB: cdc-acm: untangle a circular dependency between\n callback and softint (git-fixes).\n\n - USB: dwc2: Fix HPRT0.PrtSusp bit setting for HiKey 960\n board (git-fixes).\n\n - USB: dwc2: Prevent core suspend when port connection\n flag is 0 (git-fixes).\n\n - USB: dwc3: gadget: Fix dep->interval for fullspeed\n interrupt (git-fixes).\n\n - USB: dwc3: gadget: Fix setting of DEPCFG.bInterval_m1\n (git-fixes).\n\n - USB: dwc3: qcom: Add missing DWC3 OF node refcount\n decrement (git-fixes).\n\n - USB: dwc3: qcom: Honor wakeup enabled/disabled state\n (git-fixes).\n\n - USB: gadget: configfs: Fix KASAN use-after-free\n (git-fixes).\n\n - USB: gadget: f_uac1: stop playback on function disable\n (git-fixes).\n\n - USB: gadget: f_uac2: always increase endpoint\n max_packet_size 
by one audio slot (git-fixes).\n\n - USB: gadget: udc: amd5536udc_pci fix\n null-ptr-dereference (git-fixes).\n\n - USB: gadget: u_ether: Fix a configfs return code\n (git-fixes).\n\n - USBip: Fix incorrect double assignment to udc->ud.tcp_rx\n (git-fixes).\n\n - USBip: fix stub_dev to check for stream socket\n (git-fixes).\n\n - USBip: fix stub_dev usbip_sockfd_store() races leading\n to gpf (git-fixes).\n\n - USBip: fix vhci_hcd attach_store() races leading to gpf\n (git-fixes).\n\n - USBip: fix vhci_hcd to check for stream socket\n (git-fixes).\n\n - USBip: fix vudc to check for stream socket (git-fixes).\n\n - USBip: fix vudc usbip_sockfd_store races leading to gpf\n (git-fixes).\n\n - USBip: tools: fix build error for multiple definition\n (git-fixes).\n\n - USBip: vhci_hcd fix shift out-of-bounds in\n vhci_hub_control() (git-fixes).\n\n - USB: musb: Fix suspend with devices connected for a64\n (git-fixes).\n\n - USB: quirks: ignore remote wake-up on Fibocom L850-GL\n LTE modem (git-fixes).\n\n - USB: renesas_usbhs: Clear PIPECFG for re-enabling pipe\n with other EPNUM (git-fixes).\n\n - USB: replace hardcode maximum usb string length by\n definition (git-fixes).\n\n - USB: serial: ch341: add new Product ID (git-fixes).\n\n - USB: serial: cp210x: add ID for Acuity Brands nLight Air\n Adapter (git-fixes).\n\n - USB: serial: cp210x: add some more GE USB IDs\n (git-fixes).\n\n - USB: serial: ftdi_sio: fix FTX sub-integer prescaler\n (git-fixes).\n\n - USB: serial: io_edgeport: fix memory leak in\n edge_startup (git-fixes).\n\n - USB-storage: Add quirk to defeat Kindle's automatic\n unload (git-fixes).\n\n - USB: typec: tcpm: Invoke power_supply_changed for\n tcpm-source-psy- (git-fixes).\n\n - USB: usblp: fix a hang in poll() if disconnected\n (git-fixes).\n\n - USB: xhci: do not perform Soft Retry for some xHCI hosts\n (git-fixes).\n\n - USB: xhci: Fix ASMedia ASM1042A and ASM3242 DMA\n addressing (git-fixes).\n\n - USB: xhci-mtk: fix broken streams issue on 
0.96 xHCI\n (git-fixes).\n\n - use __netdev_notify_peers in ibmvnic (bsc#1183871\n ltc#192139).\n\n - video: fbdev: acornfb: remove free_unused_pages()\n (bsc#1152489)\n\n - video: hyperv_fb: Fix a double free in hvfb_probe\n (git-fixes).\n\n - VMCI: Use set_page_dirty_lock() when unregistering guest\n memory (git-fixes).\n\n - vt/consolemap: do font sum unsigned (git-fixes).\n\n - watchdog: mei_wdt: request stop on unregister\n (git-fixes).\n\n - wireguard: device: do not generate ICMP for non-IP\n packets (git-fixes).\n\n - wireguard: kconfig: use arm chacha even with no neon\n (git-fixes).\n\n - wireguard: selftests: test multiple parallel streams\n (git-fixes).\n\n - wlcore: Fix command execute failure 19 for wl12xx\n (git-fixes).\n\n - x86/fsgsbase/64: Fix NULL deref in 86_fsgsbase_read_task\n (bsc#1152489).\n\n - x86: Introduce TS_COMPAT_RESTART to fix\n get_nr_restart_syscall() (bsc#1152489).\n\n - x86/ioapic: Ignore IRQ2 again (bsc#1152489).\n\n - x86/mem_encrypt: Correct physical address calculation in\n __set_clr_pte_enc() (bsc#1152489).\n\n - xen/events: avoid handling the same event on two cpus at\n the same time (git-fixes).\n\n - xen/events: do not unmask an event channel when an eoi\n is pending (git-fixes).\n\n - xen/events: fix setting irq affinity (bsc#1184583).\n\n - xen/events: reset affinity of 2-level event when tearing\n it down (git-fixes).\n\n - xen/gnttab: handle p2m update errors on a per-slot basis\n (bsc#1183022 XSA-367).\n\n - xen-netback: respect gnttab_map_refs()'s return value\n (bsc#1183022 XSA-367).\n\n - xfs: group quota should return EDQUOT when prj quota\n enabled (bsc#1180980).\n\n - xhci: Fix repeated xhci wake after suspend due to\n uncleared internal wake state (git-fixes).\n\n - xhci: Improve detection of device initiated wake signal\n (git-fixes).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1113295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1153274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1159280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1160634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173485\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181383\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182077\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182552\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182591\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183277\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183280\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183281\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183366\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183445\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183501\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183750\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183757\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183775\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183859\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184176\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184218\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184219\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1184647\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18814\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-rt_debug-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"cluster-md-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"dlm-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"gfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-debugsource-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-devel-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-devel-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-extra-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt-extra-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-debugsource-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-devel-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-extra-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-rt_debug-extra-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kselftests-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ocfs2-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"reiserfs-kmp-rt_debug-5.3.18-lp152.3.8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"reiserfs-kmp-rt_debug-debuginfo-5.3.18-lp152.3.8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cluster-md-kmp-rt / cluster-md-kmp-rt-debuginfo / dlm-kmp-rt / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:59", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float) architecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including Linux's mac80211, did not correctly implement reassembly of fragmented packets. In some circumstances, an attacker within range of a network could exploit these flaws to forge arbitrary packets and/or to access sensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including Linux's mac80211, did not authenticate the 'is aggregated' packet header flag. An attacker within range of a network could exploit this to forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference counting bugs in the NFC LLCP implementation which could lead to use-after-free. A local user could exploit these for denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered that the original fixes for these introduced a new bug that could result in use-after-free and double-free. 
This has also been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the NFC LLCP implementation. A local user could exploit this for denial of service (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered a bug in some Wi-Fi implementations, including Linux's mac80211. When operating in AP mode, they would forward EAPOL frames from one client to another while the sender was not yet authenticated. An attacker within range of a network could use this for denial of service or as an aid to exploiting other vulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth Passkey authentication method, and in Linux's implementation of it. An attacker within range of two Bluetooth devices while they pair using Passkey authentication could exploit this to obtain the shared secret (Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory management. A parent and child process initially share all their memory, but when either writes to a shared page, the page is duplicated and unshared (copy-on-write). However, in case an operation such as vmsplice() required the kernel to take an additional reference to a shared page, and a copy-on-write occurs during this operation, the kernel might have accessed the wrong process's memory. For some programs, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space) implementation did not correctly handle a FUSE server returning invalid attributes for a file. 
A local user permitted to run a FUSE server could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential denial of service (infinite loop in kernel space), which has also been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy' driver for TI PCILynx FireWire controllers, which could lead to list corruption and a use-after-free. On a system that uses this driver, local users granted access to /dev/nosy could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth subsystem that could lead to a use-after-free or double-free. A local user could exploit these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer dereference in the NFC LLCP implementation. A local user could use this to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU drivers did not handle allocation failures in the way that most drivers expected, resulting in a double-free on failure. A local user on a system using one of these drivers could possibly exploit this to cause a denial of service (crash or memory corruption) or for privilege escalation. The API has been changed to match driver expectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP implementation, which can lead to list corruption. 
A local user could exploit this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365) introduced a potential resource leak. A malicious guest could presumably exploit this to cause a denial of service (resource exhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can lead to an assertion failure. On systems using Btrfs, a local user could exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel PEBS. A workaround for a hardware bug on Intel CPUs codenamed 'Haswell' and earlier could lead to a NULL pointer dereference. On systems with the affected CPUs, if users are permitted to access performance events, a local user may exploit this to cause a denial of service (crash).\n\nBy default, unprivileged users do not have access to performance events, which mitigates this issue. This is controlled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64 generated incorrect branch instructions in some cases. On systems where eBPF JIT is enabled, users could exploit this to execute arbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server) implementation which can lead to a NULL pointer dereference. 
On a system acting as a USB/IP host, a client can exploit this to cause a denial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router (qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel configurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could lead to a NULL pointer dereference during replacement of a table. A local user with CAP_NET_ADMIN capability in any user namespace could use this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user namespaces, which mitigates this issue. This is controlled by the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the Video4Linux (v4l) subsystem. A local user permitted to access video devices (by default, any member of the 'video' group) could exploit this to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the device-mapper (dm) subsystem, which could lead to a heap buffer overrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any security impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead to a use-after-free. A local user could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.272-1. 
This update additionally includes many more bug fixes from stable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-06-24T00:00:00", "type": "nessus", "title": "Debian DLA-2689-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-26139", "CVE-2020-26147", "CVE-2020-26558", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-23133", "CVE-2021-23134", "CVE-2021-26930", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33034", "CVE-2021-3428", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3587"], "modified": "2023-01-05T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", 
"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", 
"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2689.NASL", "href": "https://www.tenable.com/plugins/nessus/150985", "sourceData": "#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2689-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(150985);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/05\");\n\n script_cve_id(\"CVE-2020-24586\", \"CVE-2020-24587\", \"CVE-2020-24588\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-26139\", \"CVE-2020-26147\", \"CVE-2020-26558\", \"CVE-2020-29374\", \"CVE-2020-36322\", \"CVE-2021-0129\", \"CVE-2021-20292\", \"CVE-2021-23133\", \"CVE-2021-23134\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28950\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-29154\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-29650\", \"CVE-2021-30002\", \"CVE-2021-31916\", \"CVE-2021-32399\", \"CVE-2021-33034\", \"CVE-2021-3428\", \"CVE-2021-3483\", \"CVE-2021-3564\", \"CVE-2021-3573\", \"CVE-2021-3587\");\n\n script_name(english:\"Debian DLA-2689-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nThis update is not yet available for the armel (ARM EABI soft-float)\narchitecture.\n\nCVE-2020-24586, CVE-2020-24587, CVE-2020-26147\n\nMathy Vanhoef discovered that many Wi-Fi implementations, including\nLinux's mac80211, did not correctly implement reassembly of fragmented\npackets. 
In some circumstances, an attacker within range of a network\ncould exploit these flaws to forge arbitrary packets and/or to access\nsensitive data on that network.\n\nCVE-2020-24588\n\nMathy Vanhoef discovered that most Wi-Fi implementations, including\nLinux's mac80211, did not authenticate the 'is aggregated' packet\nheader flag. An attacker within range of a network could exploit this\nto forge arbitrary packets on that network.\n\nCVE-2020-25670, CVE-2020-25671, CVE-2021-23134\n\nkiyin (尹亮) of TenCent discovered several reference\ncounting bugs in the NFC LLCP implementation which could lead to\nuse-after-free. A local user could exploit these for denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nNadav Markus and Or Cohen of Palo Alto Networks discovered\nthat the original fixes for these introduced a new bug that\ncould result in use-after-free and double-free. This has\nalso been fixed.\n\nCVE-2020-25672\n\nkiyin (尹亮) of TenCent discovered a memory leak in the\nNFC LLCP implementation. A local user could exploit this for denial of\nservice (memory exhaustion).\n\nCVE-2020-26139\n\nMathy Vanhoef discovered a bug in some Wi-Fi implementations,\nincluding Linux's mac80211. When operating in AP mode, they would\nforward EAPOL frames from one client to another while the sender was\nnot yet authenticated. An attacker within range of a network could use\nthis for denial of service or as an aid to exploiting other\nvulnerabilities.\n\nCVE-2020-26558, CVE-2021-0129\n\nResearchers at ANSSI discovered vulnerabilities in the Bluetooth\nPasskey authentication method, and in Linux's implementation of it. An\nattacker within range of two Bluetooth devices while they pair using\nPasskey authentication could exploit this to obtain the shared secret\n(Passkey) and then impersonate either of the devices to each other.\n\nCVE-2020-29374\n\nJann Horn of Google reported a flaw in Linux's virtual memory\nmanagement. 
A parent and child process initially share all their\nmemory, but when either writes to a shared page, the page is\nduplicated and unshared (copy-on-write). However, in case an operation\nsuch as vmsplice() required the kernel to take an additional reference\nto a shared page, and a copy-on-write occurs during this operation,\nthe kernel might have accessed the wrong process's memory. For some\nprograms, this could lead to an information leak or data corruption.\n\nCVE-2020-36322, CVE-2021-28950\n\nThe syzbot tool found that the FUSE (filesystem-in-user-space)\nimplementation did not correctly handle a FUSE server returning\ninvalid attributes for a file. A local user permitted to run a FUSE\nserver could use this to cause a denial of service (crash).\n\nThe original fix for this introduced a different potential\ndenial of service (infinite loop in kernel space), which has\nalso been fixed.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-3483\n\n马哲宇 (Zheyu Ma) reported a bug in the 'nosy'\ndriver for TI PCILynx FireWire controllers, which could lead to list\ncorruption and a use-after-free. On a system that uses this driver,\nlocal users granted access to /dev/nosy could exploit this to cause a\ndenial of service (crash or memory corruption) or possibly for\nprivilege escalation.\n\nCVE-2021-3564, CVE-2021-3573, CVE-2021-32399\n\nThe BlockSec team discovered several race conditions in the Bluetooth\nsubsystem that could lead to a use-after-free or double-free. A local\nuser could exploit these to cause a denial of service (crash or memory\ncorruption) or possibly for privilege escalation.\n\nCVE-2021-3587\n\nActive Defense Lab of Venustech discovered a potential NULL pointer\ndereference in the NFC LLCP implementation. 
A local user could use\nthis to cause a denial of service (crash).\n\nCVE-2021-20292\n\nIt was discovered that the TTM buffer allocation API used by GPU\ndrivers did not handle allocation failures in the way that most\ndrivers expected, resulting in a double-free on failure. A local user\non a system using one of these drivers could possibly exploit this to\ncause a denial of service (crash or memory corruption) or for\nprivilege escalation. The API has been changed to match driver\nexpectations.\n\nCVE-2021-23133\n\nOr Cohen of Palo Alto Networks discovered a race condition in the SCTP\nimplementation, which can lead to list corruption. A local user could\nexploit this to cause a denial of service (crash or memory corruption)\nor possibly for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nCVE-2021-28688 (XSA-371)\n\nIt was discovered that the original fix for CVE-2021-26930 (XSA-365)\nintroduced a potential resource leak. A malicious guest could\npresumably exploit this to cause a denial of service (resource\nexhaustion) within the host.\n\nCVE-2021-28964\n\nZygo Blaxell reported a race condition in the Btrfs driver which can\nlead to an assertion failure. On systems using Btrfs, a local user\ncould exploit this to cause a denial of service (crash).\n\nCVE-2021-28971\n\nVince Weaver reported a bug in the performance event handler for Intel\nPEBS. A workaround for a hardware bug on Intel CPUs codenamed\n'Haswell' and earlier could lead to a NULL pointer dereference. 
On\nsystems with the affected CPUs, if users are permitted to access\nperformance events, a local user may exploit this to cause a denial of\nservice (crash).\n\nBy default, unprivileged users do not have access to\nperformance events, which mitigates this issue. This is\ncontrolled by the kernel.perf_event_paranoid sysctl.\n\nCVE-2021-29154\n\nIt was discovered that the Extended BPF (eBPF) JIT compiler for x86_64\ngenerated incorrect branch instructions in some cases. On systems\nwhere eBPF JIT is enabled, users could exploit this to execute\narbitrary code in the kernel.\n\nBy default, eBPF JIT is disabled, mitigating this issue.\nThis is controlled by the net.core.bpf_jit_enable sysctl.\n\nCVE-2021-29265\n\nThe syzbot tool found a race condition in the USB/IP host (server)\nimplementation which can lead to a NULL pointer dereference. On a\nsystem acting as a USB/IP host, a client can exploit this to cause a\ndenial of service (crash).\n\nCVE-2021-29647\n\nThe syzbot tool found an information leak in the Qualcomm IPC Router\n(qrtr) implementation.\n\nThis protocol is not enabled in Debian's official kernel\nconfigurations.\n\nCVE-2021-29650\n\nIt was discovered that a data race in the netfilter subsystem could\nlead to a NULL pointer dereference during replacement of a table. A\nlocal user with CAP_NET_ADMIN capability in any user namespace could\nuse this to cause a denial of service (crash).\n\nBy default, unprivileged users cannot create user\nnamespaces, which mitigates this issue. This is controlled\nby the kernel.unprivileged_userns_clone sysctl.\n\nCVE-2021-30002\n\nArnd Bergmann and the syzbot tool found a memory leak in the\nVideo4Linux (v4l) subsystem. 
A local user permitted to access video\ndevices (by default, any member of the 'video' group) could exploit\nthis to cause a denial of service (memory exhaustion).\n\nCVE-2021-31916\n\nDan Carpenter reported incorrect parameter validation in the\ndevice-mapper (dm) subsystem, which could lead to a heap buffer\noverrun. However, only users with CAP_SYS_ADMIN capability (i.e.\nroot-equivalent) could trigger this bug, so it did not have any\nsecurity impact in this kernel version.\n\nCVE-2021-33034\n\nThe syzbot tool found a bug in the Bluetooth subsystem that could lead\nto a use-after-free. A local user could use this to cause a denial of\nservice (crash or memory corruption) or possibly for privilege\nescalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.272-1. This update additionally includes many more bug fixes from\nstable updates 4.9.259-4.9.272 inclusive.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/06/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", 
reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.272-1\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.272-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.272-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-24T15:16:32", "description": "The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. 
NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", 
"p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1596-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149491", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1596-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149491);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1596-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had 
a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occurred because a retry loop 
continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this to gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. 
This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175873\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211596-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5a2d3ed3\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-1596=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-1596=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-1596=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-1596=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-1596=1\n\nSUSE Linux Enterprise High 
Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2021-1596=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.74.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.74.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:27:12", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon 
the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, could have caused a system crash. 
NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and cause a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1573-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", 
"p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1573-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149462", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1573-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149462);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n 
);\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1573-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. 
Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. 
NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. 
This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211573-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?78e5e7d1\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your 
product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-1573=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-1573=1\n\nSUSE Linux Enterprise Module for Live Patching 15 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-1573=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1573=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-1573=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2021-1573=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-base-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-syms-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.72.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-4.12.14-150.72.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.72.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T15:26:26", "description": "The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure (bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that allowed attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value (bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed a set_memory_region_test infinite loop for certain nested page faults (bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where guest OS users could have caused a denial of service (host OS hang) via a high rate of events to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed execution of arbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind() (bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in arch/x86/kvm/svm/sev.c that allowed attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on CPU' could have occurred because a retry loop continually finds the same bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem implementation where fuse_do_getattr() calls make_bad_inode() in inappropriate situations, which could have caused a system crash. 
NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists (bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl() (bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in drivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker with a normal user privilege could have delayed the loop and caused a threat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could have caused a denial of service because of a lack of locking on an extent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle mod32 destination register truncation when the source register was known to be 0. A local attacker with the ability to load bpf programs could use this to gain out-of-bounds reads in kernel memory leading to information disclosure (kernel memory), and possibly out-of-bounds writes that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in intel_pmu_drain_pebs_nhm where userspace applications can cause a system crash because the PEBS status in a PEBS record is mishandled (bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. 
The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in drivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in drivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar Ethernet driver that allowed attackers to cause a system crash because a negative fragment size is calculated in situations involving an rx queue overrun when jumbo packets are used and NAPI is enabled (bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c where the RPA PCI Hotplug driver had a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in net/qrtr/qrtr.c that allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an off-by-one error (with a resultant integer underflow) affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. 
This affects pointer types that do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in drivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing beyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent (bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where a possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931 (bnc#1183022, bnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree (bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that does not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could have been used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. 
When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c where an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-05-19T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27673", "CVE-2020-27815", "CVE-2020-35519", "CVE-2020-36310", "CVE-2020-36311", "CVE-2020-36312", "CVE-2020-36322", "CVE-2021-20219", "CVE-2021-26931", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28950", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29155", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-29650", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2023-03-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", 
"p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-1624-1.NASL", "href": "https://www.tenable.com/plugins/nessus/149717", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1624-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149717);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/23\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25672\",\n \"CVE-2020-25673\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27673\",\n \"CVE-2020-27815\",\n \"CVE-2020-35519\",\n \"CVE-2020-36310\",\n \"CVE-2020-36311\",\n \"CVE-2020-36312\",\n \"CVE-2020-36322\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-3483\",\n \"CVE-2021-20219\",\n \"CVE-2021-26931\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28950\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29154\",\n \"CVE-2021-29155\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\",\n \"CVE-2021-29650\",\n \"CVE-2021-30002\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:1624-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host 
is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-36312: Fixed an issue in virt/kvm/kvm_main.c that had a\nkvm_io_bus_unregister_dev memory leak upon a kmalloc failure\n(bnc#1184509).\n\nCVE-2021-29650: Fixed an issue inside the netfilter subsystem that\nallowed attackers to cause a denial of service (panic) because\nnet/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a\nfull memory barrier upon the assignment of a new table value\n(bnc#1184208).\n\nCVE-2021-29155: Fixed an issue within kernel/bpf/verifier.c that\nperformed undesirable out-of-bounds speculation on pointer arithmetic,\nleading to side-channel attacks that defeat Spectre mitigations and\nobtain sensitive information from kernel memory. Specifically, for\nsequences of pointer arithmetic operations, the pointer modification\nperformed by the first operation is not correctly accounted for when\nrestricting subsequent operations (bnc#1184942).\n\nCVE-2020-36310: Fixed an issue in arch/x86/kvm/svm/svm.c that allowed\na set_memory_region_test infinite loop for certain nested page faults\n(bnc#1184512).\n\nCVE-2020-27673: Fixed an issue in Xen where a guest OS users could\nhave caused a denial of service (host OS hang) via a high rate of\nevents to dom0 (bnc#1177411, bnc#1184583).\n\nCVE-2021-29154: Fixed BPF JIT compilers that allowed to execute\narbitrary code within the kernel context (bnc#1184391).\n\nCVE-2020-25673: Fixed NFC endless loops caused by repeated\nllcp_sock_connect() (bsc#1178181).\n\nCVE-2020-25672: Fixed NFC memory leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25671: Fixed NFC refcount leak in llcp_sock_connect()\n(bsc#1178181).\n\nCVE-2020-25670: Fixed NFC refcount leak in llcp_sock_bind()\n(bsc#1178181).\n\nCVE-2020-36311: Fixed an issue in 
arch/x86/kvm/svm/sev.c that allowed\nattackers to cause a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (which requires unregistering many\nencrypted regions) (bnc#1184511).\n\nCVE-2021-28950: Fixed an issue in fs/fuse/fuse_i.h where a 'stall on\nCPU' could have occured because a retry loop continually finds the\nsame bad inode (bnc#1184194, bnc#1184211).\n\nCVE-2020-36322: Fixed an issue inside the FUSE filesystem\nimplementation where fuse_do_getattr() calls make_bad_inode() in\ninappropriate situations, could have caused a system crash. NOTE: the\noriginal fix for this vulnerability was incomplete, and its\nincompleteness is tracked as CVE-2021-28950 (bnc#1184211).\n\nCVE-2021-30002: Fixed a memory leak issue when a webcam device exists\n(bnc#1184120).\n\nCVE-2021-3483: Fixed a use-after-free bug in nosy_ioctl()\n(bsc#1184393).\n\nCVE-2021-20219: Fixed a denial of service vulnerability in\ndrivers/tty/n_tty.c of the Linux kernel. In this flaw a local attacker\nwith a normal user privilege could have delayed the loop and cause a\nthreat to the system availability (bnc#1184397).\n\nCVE-2021-28964: Fixed a race condition in fs/btrfs/ctree.c that could\nhave caused a denial of service because of a lack of locking on an\nextent buffer before a cloning operation (bnc#1184193).\n\nCVE-2021-3444: Fixed the bpf verifier as it did not properly handle\nmod32 destination register truncation when the source register was\nknown to be 0. 
A local attacker with the ability to load bpf programs\ncould use this gain out-of-bounds reads in kernel memory leading to\ninformation disclosure (kernel memory), and possibly out-of-bounds\nwrites that could potentially lead to code execution (bnc#1184170).\n\nCVE-2021-28971: Fixed a potential local denial of service in\nintel_pmu_drain_pebs_nhm where userspace applications can cause a\nsystem crash because the PEBS status in a PEBS record is mishandled\n(bnc#1184196).\n\nCVE-2021-28688: Fixed XSA-365 that includes initialization of pointers\nsuch that subsequent cleanup code wouldn't use uninitialized or stale\nvalues. This initialization went too far and may under certain\nconditions also overwrite pointers which are in need of cleaning up.\nThe lack of cleanup would result in leaking persistent grants. The\nleak in turn would prevent fully cleaning up after a respective guest\nhas died, leaving around zombie domains (bnc#1183646).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store in\ndrivers/usb/usbip/stub_dev.c that allowed attackers to cause a denial\nof service (GPF) because the stub-up sequence has race conditions\nduring an update of the local and shared status (bnc#1184167).\n\nCVE-2021-29264: Fixed an issue in\ndrivers/net/ethernet/freescale/gianfar.c in the Freescale Gianfar\nEthernet driver that allowed attackers to cause a system crash because\na negative fragment size is calculated in situations involving an rx\nqueue overrun when jumbo packets are used and NAPI is enabled\n(bnc#1184168).\n\nCVE-2021-28972: Fixed an issue in drivers/pci/hotplug/rpadlpar_sysfs.c\nwhere the RPA PCI Hotplug driver had a user-tolerable buffer overflow\nwhen writing a new device name to the driver from userspace, allowing\nuserspace to write data to the kernel stack frame directly. 
This\noccurs because add_slot_store and remove_slot_store mishandle drc_name\n'\\0' termination (bnc#1184198).\n\nCVE-2021-29647: Fixed an issue in kernel qrtr_recvmsg in\nnet/qrtr/qrtr.c that allowed attackers to obtain sensitive information\nfrom kernel memory because of a partially uninitialized data structure\n(bnc#1184192).\n\nCVE-2020-27171: Fixed an issue in kernel/bpf/verifier.c that had an\noff-by-one error (with a resultant integer underflow) affecting\nout-of-bounds speculation on pointer arithmetic, leading to\nside-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory (bnc#1183686, bnc#1183775).\n\nCVE-2020-27170: Fixed an issue in kernel/bpf/verifier.c that performed\nundesirable out-of-bounds speculation on pointer arithmetic, leading\nto side-channel attacks that defeat Spectre mitigations and obtain\nsensitive information from kernel memory. This affects pointer types\nthat do not define a ptr_limit (bnc#1183686 bnc#1183775).\n\nCVE-2021-28660: Fixed rtw_wx_set_scan in\ndrivers/staging/rtl8188eu/os_dep/ioctl_linux.c that allowed writing\nbeyond the end of the ssid array (bnc#1183593).\n\nCVE-2020-35519: Update patch reference for x25 fix (bsc#1183696).\n\nCVE-2021-3428: Fixed ext4 integer overflow in ext4_es_cache_extent\n(bsc#1173485, bsc#1183509).\n\nCVE-2020-0433: Fixed blk_mq_queue_tag_busy_iter of blk-mq-tag.c, where\na possible use after free due to improper locking could have happened.\nThis could have led to local escalation of privilege with no\nadditional execution privileges needed. User interaction is not needed\nfor exploitation (bnc#1176720).\n\nCVE-2021-28038: Fixed an issue with Xen PV. A certain part of the\nnetback driver lacks necessary treatment of errors such as failed\nmemory allocations (as a result of changes to the handling of grant\nmapping errors). A host OS denial of service may occur during\nmisbehavior of a networking frontend driver. 
NOTE: this issue exists\nbecause of an incomplete fix for CVE-2021-26931 (bnc#1183022,\nbnc#1183069).\n\nCVE-2020-27815: Fixed jfs array index bounds check in dbAdjTree\n(bsc#1179454).\n\nCVE-2021-27365: Fixed an issue inside the iSCSI data structures that\ndoes not have appropriate length constraints or checks, and can exceed\nthe PAGE_SIZE value. An unprivileged user can send a Netlink message\nthat is associated with iSCSI, and has a length up to the maximum\nlength of a Netlink message (bnc#1182715).\n\nCVE-2021-27363: Fixed an issue with a kernel pointer leak that could\nhave been used to determine the address of the iscsi_transport\nstructure. When an iSCSI transport is registered with the iSCSI\nsubsystem, the transport's handle is available to unprivileged users\nvia the sysfs file system, at\n/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the\nshow_transport_handle function (in\ndrivers/scsi/scsi_transport_iscsi.c) is called, which leaks the\nhandle. This handle is actually the pointer to an iscsi_transport\nstruct in the kernel module's global variables (bnc#1182716).\n\nCVE-2021-27364: Fixed an issue in drivers/scsi/scsi_transport_iscsi.c\nwhere an unprivileged user can craft Netlink messages (bnc#1182717).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047233\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183069\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184194\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184388\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184512\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1185244\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25670/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25671/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25672/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36310/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36311/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36312/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36322/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20219/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28950/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29154/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29155/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29650/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30002/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3483/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211624-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38d85273\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-1624=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-1624=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-1624=1\n\nSUSE Linux Enterprise Server for SAP 
15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-1624=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-1624=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-1624=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-1624=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-1624=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-1624=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-1624=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-1624=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28660\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.89.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.89.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-25T15:27:37", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4356 advisory.\n\n - An issue was discovered in the Linux kernel before 5.11.11. The netfilter subsystem allows attackers to cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an attacker with a local account to leak information about kernel internal addresses. The highest threat from this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. 
Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-140550171 (CVE-2020-0427)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. 
This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. (CVE-2021-23133)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. (CVE-2020-27777)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was found in the way user uses trace ring buffer in a specific way. 
Only privileged local users (with CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. 
An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer arithmetic operations, the pointer modification performed by the first operation is not correctly accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.\n (CVE-2020-24586)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. 
The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol. (CVE-2020-26141)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. (CVE-2020-24587)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated.\n Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. (CVE-2020-24588)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. (CVE-2020-26145)\n\n - An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. (CVE-2020-26147)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. 
A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)\n\n - kernel: overlayfs: Mounting overlayfs inside an unprivileged user namespace can reveal files (CVE-2021-3732)\n\n - Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. (CVE-2020-24502)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.7 enforces incorrect limits for pointer arithmetic operations, aka CID-bb01a1bba579. This can be abused to perform out-of-bounds reads and writes in kernel memory, leading to local privilege escalation to root. In particular, there is a corner case where the off reg causes a masking direction change, which then results in an incorrect final aux->alu_limit.\n (CVE-2021-33200)\n\n - Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.\n (CVE-2020-24503)\n\n - Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable denial of service via local access.\n (CVE-2020-24504)\n\n - An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. 
(CVE-2020-29368)\n\n - There is a vulnerability in the linux kernel versions higher than 5.2 (if kernel compiled with config params CONFIG_BPF_SYSCALL=y , CONFIG_BPF=y , CONFIG_CGROUPS=y , CONFIG_CGROUP_BPF=y , CONFIG_HARDENED_USERCOPY not set, and BPF hook to getsockopt is registered). As result of BPF execution, the local user can trigger bug in __cgroup_bpf_run_filter_getsockopt() function that can lead to heap overflow (because of non-hardened usercopy). The impact of attack could be deny of service or possibly privileges escalation. (CVE-2021-20194)\n\n - kernel: eBPF 32-bit source register truncation on div/mod (CVE-2021-3600)\n\n - A flaw was found in the Linux kernel netfilter implementation in versions prior to 5.5-rc7. A user with root (CAP_SYS_ADMIN) access is able to panic the system when issuing netfilter netflow commands.\n (CVE-2021-3635)\n\n - kernel: NULL pointer dereference in llsec_key_alloc() in net/mac802154/llsec.c (CVE-2021-3659)\n\n - An issue was discovered in the Linux kernel before 5.11.11. tipc_nl_retrieve_key in net/tipc/node.c does not properly validate certain data sizes, aka CID-0217ed2848e8. 
(CVE-2021-29646)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2021-4356)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0427", "CVE-2020-24502", "CVE-2020-24503", "CVE-2020-24504", "CVE-2020-24586", "CVE-2020-24587", "CVE-2020-24588", "CVE-2020-26139", "CVE-2020-26140", "CVE-2020-26141", "CVE-2020-26143", "CVE-2020-26144", "CVE-2020-26145", "CVE-2020-26146", "CVE-2020-26147", "CVE-2020-27777", "CVE-2020-29368", "CVE-2020-29660", "CVE-2020-36158", "CVE-2020-36386", "CVE-2021-0129", "CVE-2021-20194", "CVE-2021-20239", "CVE-2021-23133", "CVE-2021-28950", "CVE-2021-28971", "CVE-2021-29155", "CVE-2021-29646", "CVE-2021-29650", "CVE-2021-31440", "CVE-2021-31829", "CVE-2021-31916", "CVE-2021-33200", "CVE-2021-3348", "CVE-2021-3489", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3600", "CVE-2021-3635", "CVE-2021-3659", "CVE-2021-3679", "CVE-2021-3732"], "modified": "2023-11-23T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2021-4356.NASL", "href": 
"https://www.tenable.com/plugins/nessus/155425", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4356.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155425);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/23\");\n\n script_cve_id(\n \"CVE-2020-0427\",\n \"CVE-2020-24502\",\n \"CVE-2020-24503\",\n \"CVE-2020-24504\",\n \"CVE-2020-24586\",\n \"CVE-2020-24587\",\n \"CVE-2020-24588\",\n \"CVE-2020-26139\",\n \"CVE-2020-26140\",\n \"CVE-2020-26141\",\n \"CVE-2020-26143\",\n \"CVE-2020-26144\",\n \"CVE-2020-26145\",\n \"CVE-2020-26146\",\n \"CVE-2020-26147\",\n \"CVE-2020-27777\",\n \"CVE-2020-29368\",\n \"CVE-2020-29660\",\n \"CVE-2020-36158\",\n \"CVE-2020-36386\",\n \"CVE-2021-0129\",\n \"CVE-2021-3348\",\n \"CVE-2021-3489\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3600\",\n \"CVE-2021-3635\",\n \"CVE-2021-3659\",\n \"CVE-2021-3679\",\n \"CVE-2021-3732\",\n \"CVE-2021-20194\",\n \"CVE-2021-20239\",\n \"CVE-2021-23133\",\n \"CVE-2021-28950\",\n \"CVE-2021-28971\",\n \"CVE-2021-29155\",\n \"CVE-2021-29646\",\n \"CVE-2021-29650\",\n \"CVE-2021-31440\",\n \"CVE-2021-31829\",\n \"CVE-2021-31916\",\n \"CVE-2021-33200\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0223-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0222-S\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2021-4356)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-4356 advisory.\n\n - An issue was discovered in the Linux kernel before 
5.11.11. The netfilter subsystem allows attackers to\n cause a denial of service (panic) because net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h\n lack a full memory barrier upon the assignment of a new table value, aka CID-175e476b8cdf.\n (CVE-2021-29650)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some\n Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS\n status in a PEBS record is mishandled, aka CID-d88d05a9e0b6. (CVE-2021-28971)\n\n - A flaw was found in the Linux kernel in versions before 5.4.92 in the BPF protocol. This flaw allows an\n attacker with a local account to leak information about kernel internal addresses. The highest threat from\n this vulnerability is to confidentiality. (CVE-2021-20239)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.11.15. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs prior to executing them.\n An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the\n context of the kernel. Was ZDI-CAN-13661. (CVE-2021-31440)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-\n free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a\n certain point during device setup, aka CID-b98e762e3d71. 
(CVE-2021-3348)\n\n - In create_pinctrl of core.c, there is a possible out of bounds read due to a use after free. This could\n lead to local information disclosure with no additional execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-140550171\n (CVE-2020-0427)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24. (CVE-2020-29660)\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through\n 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.\n (CVE-2020-36158)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel\n privilege escalation from the context of a network service or an unprivileged process. If\n sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the\n auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network\n service privileges to escalate to root or from the context of an unprivileged user directly if a\n BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket. 
(CVE-2021-23133)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked\n down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to further increase their privileges to that of a\n running kernel. (CVE-2020-27777)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\n - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and\n WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to\n inject arbitrary data frames independent of the network configuration. (CVE-2020-26140)\n\n - A lack of CPU resource in the Linux kernel tracing module functionality in versions prior to 5.14-rc3 was\n found in the way user uses trace ring buffer in a specific way. Only privileged local users (with\n CAP_SYS_ADMIN capability) could use this flaw to starve the resources causing denial of service.\n (CVE-2021-3679)\n\n - The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size\n was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel\n and therefore, arbitrary code execution. 
This issue was fixed via commit 4b81ccebaeee (bpf, ringbuf: Deny\n reserve of buffers larger than ringbuf) (v5.13-rc4) and backported to the stable kernels in v5.12.4,\n v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (bpf: Implement BPF ring buffer and verifier\n support for it) (v5.8-rc1). (CVE-2021-3489)\n\n - An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and\n WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can\n abuse this to inject arbitrary data frames independent of the network configuration. (CVE-2020-26143)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3\n implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042\n (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets\n independent of the network configuration. (CVE-2020-26144)\n\n - An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other\n clients even though the sender has not yet successfully authenticated to the AP. This might be abused in\n projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier\n to exploit other vulnerabilities in connected clients. (CVE-2020-26139)\n\n - An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations\n reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate\n selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the\n WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by\n design. (CVE-2020-26146)\n\n - An issue was discovered in the Linux kernel before 5.8.1. 
net/bluetooth/hci_event.c has a slab out-of-\n bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. (CVE-2020-36386)\n\n - An issue was discovered in the Linux kernel through 5.11.x. kernel/bpf/verifier.c performs undesirable\n out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre\n mitigations and obtain sensitive information from kernel memory. Specifically, for sequences of pointer\n arithmetic operations, the pointer modification performed by the first operation is not correctly\n accounted for when restricting subsequent operations. (CVE-2021-29155)\n\n - kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading\n to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not\n protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized\n data that might represent sensitive information previously operated on by the kernel. (CVE-2021-31829)\n\n - The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent\n Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a\n network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP,\n CCMP, or GCMP, this can be abused to inject arbitrary network packets an