CVE-2021-43056

2021-10-28T04:15:00

Description

An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.

Affected Software

CPE Name	Name	Version
linux:linux_kernel	linux linux kernel	5.4.15
fedoraproject:fedora	fedoraproject fedora	33
fedoraproject:fedora	fedoraproject fedora	34
fedoraproject:fedora	fedoraproject fedora	35

{"id": "CVE-2021-43056", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2021-43056", "description": "An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.", "published": "2021-10-28T04:15:00", "modified": "2021-11-28T23:31:00", "epss": [{"cve": "CVE-2021-43056", "epss": 0.00045, "percentile": 0.12212, "modified": "2023-05-23"}], "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 4.9}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43056", "reporter": "cve@mitre.org", "references": ["https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337", "https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf@mpe.ellerman.id.au/T/#u", "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15", "http://www.openwall.com/lists/oss-security/2021/10/28/1", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/"], "cvelist": ["CVE-2021-43056"], "immutableFields": [], "lastseen": "2023-05-23T15:47:25", "viewCount": 170, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1988"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-43056"]}, {"type": "fedora", "idList": ["FEDORA:2757230742BD", "FEDORA:A1C2A3072626", "FEDORA:CCAC1305D42D"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-1988.NASL", "OPENSUSE-2021-1460.NASL", "OPENSUSE-2021-1477.NASL", "OPENSUSE-2021-3641.NASL", "OPENSUSE-2021-3655.NASL", "OPENSUSE-2021-3675.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "REDHAT-RHSA-2022-1988.NASL", "SUSE_SU-2021-3640-1.NASL", "SUSE_SU-2021-3641-1.NASL", "SUSE_SU-2021-3642-1.NASL", "SUSE_SU-2021-3655-1.NASL", "SUSE_SU-2021-3658-1.NASL", "SUSE_SU-2021-3675-1.NASL", "SUSE_SU-2021-3754-1.NASL", "UBUNTU_USN-5139-1.NASL", "UBUNTU_USN-5165-1.NASL", "UBUNTU_USN-5208-1.NASL", "UBUNTU_USN-5210-1.NASL", "UBUNTU_USN-5218-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-1988"]}, {"type": "redhat", "idList": ["RHSA-2022:1988", "RHSA-2022:4814", "RHSA-2022:4956", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-43056"]}, {"type": "rocky", "idList": ["RLSA-2022:1988"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1460-1", "OPENSUSE-SU-2021:1477-1", "OPENSUSE-SU-2021:3641-1", "OPENSUSE-SU-2021:3655-1", "OPENSUSE-SU-2021:3675-1"]}, {"type": "ubuntu", "idList": ["USN-5139-1", "USN-5165-1", "USN-5208-1", "USN-5210-1", "USN-5210-2", "USN-5218-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-43056"]}, {"type": "veracode", "idList": ["VERACODE:33702"]}]}, "score": {"value": 1.8, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-43056"]}, {"type": "fedora", "idList": ["FEDORA:2757230742BD", "FEDORA:A1C2A3072626", "FEDORA:CCAC1305D42D"]}, {"type": "nessus", "idList": ["OPENSUSE-2021-1460.NASL", "OPENSUSE-2021-3641.NASL", "SUSE_SU-2021-3640-1.NASL", "SUSE_SU-2021-3641-1.NASL", "SUSE_SU-2021-3642-1.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-43056"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1460-1", "OPENSUSE-SU-2021:3641-1", "OPENSUSE-SU-2021:3655-1"]}, {"type": "ubuntu", "idList": ["USN-5139-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-43056"]}]}, "exploitation": null, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}, {"name": "fedoraproject fedora", "version": 33}, {"name": "fedoraproject fedora", "version": 34}, {"name": "fedoraproject fedora", "version": 35}]}, "epss": [{"cve": "CVE-2021-43056", "epss": 0.00045, "percentile": 0.12107, "modified": "2023-05-03"}], "vulnersScore": 1.8}, "_state": {"dependencies": 1685064693, "score": 1684856904, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "72f33a50eff2486fc3e95bfd6148e949"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:fedoraproject:fedora:33", "cpe:/o:fedoraproject:fedora:34", "cpe:/o:fedoraproject:fedora:35"], "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.4.15", "operator": "lt", "name": "linux linux kernel"}, {"cpeName": "fedoraproject:fedora", "version": "33", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "34", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "fedoraproject:fedora", "version": "35", "operator": "eq", "name": "fedoraproject fedora"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.4.15:*:*:*:*:*:*:*", "versionStartIncluding": "5.2", "versionEndExcluding": "5.4.15", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337", "name": "https://git.kernel.org/linus/cdeb5d7d890e14f3b70e8087e745c4a6a7d9f337", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf@mpe.ellerman.id.au/T/#u", "name": "https://lore.kernel.org/linuxppc-dev/87pmrtbbdt.fsf@mpe.ellerman.id.au/T/#u", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15", "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.14.15", "refsource": "MISC", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/28/1", "name": "[oss-security] 20211028 Re: Linux kernel: powerpc: KVM guest can trigger host crash on Power8", "refsource": "MLIST", "tags": ["Mailing List", "Patch", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/", "name": "FEDORA-2021-4320606094", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/", "name": "FEDORA-2021-4fed2b55c4", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/", "name": "FEDORA-2021-ed8c2e1098", "refsource": "FEDORA", "tags": ["Mailing List", "Third Party Advisory"]}], "product_info": [{"vendor": "Fedoraproject", "product": "Fedora"}, {"vendor": "Linux", "product": "Linux_kernel"}], "solutions": [], "workarounds": [], "impacts": [], "exploits": [], "problemTypes": [], "assigned": "1976-01-01T00:00:00"}

{"veracode": [{"lastseen": "2022-12-13T13:02:12", "description": "libxml2.so is vulnerable to denial of service. The vulnerability exists in the `book3s_hv_rmhandlers.s` because of containing a bug when handling SRR1 that allows a malicious guest to crash the application,\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-15T00:39:10", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43056"], "modified": "2022-12-09T11:38:33", "id": "VERACODE:33702", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33702/summary", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "debiancve": [{"lastseen": "2023-05-24T10:10:51", "description": "An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T04:15:00", "type": "debiancve", "title": "CVE-2021-43056", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43056"], "modified": "2021-10-28T04:15:00", "id": "DEBIANCVE:CVE-2021-43056", "href": "https://security-tracker.debian.org/tracker/CVE-2021-43056", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "prion": [{"lastseen": "2023-08-16T07:46:08", "description": "An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T04:15:00", "type": "prion", "title": "CVE-2021-43056", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43056"], "modified": "2021-11-28T23:31:00", "id": "PRION:CVE-2021-43056", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-43056", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhatcve": [{"lastseen": "2023-05-23T17:16:02", "description": "A denial of service problem was found in the Linux kernel's Kernel-based Virtual Machine (KVM) specific to PowerPC. In this flaw, a user with local access can confuse the host offline code, causing the guest to crash.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T15:18:39", "type": "redhatcve", "title": "CVE-2021-43056", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43056"], "modified": "2023-04-06T08:43:22", "id": "RH:CVE-2021-43056", "href": "https://access.redhat.com/security/cve/cve-2021-43056", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2023-09-13T14:40:02", "description": "An issue was discovered in the Linux kernel for powerpc before 5.14.15. It\nallows a malicious KVM guest to crash the host, when the host is running on\nPower8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation\nbug in the handling of the SRR1 register values.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-10-28T00:00:00", "type": "ubuntucve", "title": "CVE-2021-43056", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-43056"], "modified": "2021-10-28T00:00:00", "id": "UB:CVE-2021-43056", "href": "https://ubuntu.com/security/CVE-2021-43056", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2023-05-23T16:36:16", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-04T01:34:41", "type": "fedora", "title": "[SECURITY] Fedora 34 Update: kernel-5.14.15-200.fc34", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3760", "CVE-2021-43056"], "modified": "2021-11-04T01:34:41", "id": "FEDORA:2757230742BD", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BBM4FP3IT3JZ2O7EBS7TEOG657N4ZGRE/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:36:16", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-04T01:48:00", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: kernel-5.14.15-300.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3760", "CVE-2021-43056"], "modified": "2021-11-04T01:48:00", "id": "FEDORA:A1C2A3072626", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/RRAIS3PG4EV5WFLYESR6FXWM4BJJGWVA/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:36:16", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-04T01:24:10", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.14.15-100.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3760", "CVE-2021-43056"], "modified": "2021-11-04T01:24:10", "id": "FEDORA:CCAC1305D42D", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/AA7EAPPKWG4LMTQQLNNSKATY6ST2KQFE/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-05-19T15:16:36", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5139-1 advisory.\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM 5.10) vulnerabilities (USN-5139-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3655", "CVE-2021-3744", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.10.0-1051-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.10.0-1051-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1051-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.10.0-1051-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.10.0-1051-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04b", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-headers-5.10.0-1051", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-5.10.0-1051", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.10.0-1051-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04b"], "id": "UBUNTU_USN-5139-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155221", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5139-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155221);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-3655\",\n \"CVE-2021-3744\",\n \"CVE-2021-3760\",\n \"CVE-2021-3764\",\n \"CVE-2021-41864\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5139-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM 5.10) vulnerabilities (USN-5139-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5139-1 advisory.\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5139-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.10.0-1051-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.10.0-1051-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.10.0-1051-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.10.0-1051-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.10.0-1051-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04b\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-headers-5.10.0-1051\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-5.10.0-1051\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.10-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.10.0-1051-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04b\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-3655', 'CVE-2021-3744', 'CVE-2021-3764');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5139-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.10.0-1051-oem', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.10.0-1051-oem', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04-edge', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04b', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.10.0-1051-oem', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04-edge', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04b', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.10.0-1051-oem', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.10.0-1051-oem', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04-edge', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04b', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.10-headers-5.10.0-1051', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.10-tools-5.10.0-1051', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.10-tools-host', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.10.0-1051-oem', 'pkgver': '5.10.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04-edge', 'pkgver': '5.10.0.1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04b', 'pkgver': '5.10.0.1051.53'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-buildinfo-5.10.0-1051-oem / linux-headers-5.10.0-1051-oem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:25:58", "description": "The remote Ubuntu 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5208-1 advisory.\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter- Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 21.04 / 21.10 : Linux kernel vulnerabilities (USN-5208-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.04", "cpe:/o:canonical:ubuntu_linux:21.10", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-cloud-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-headers-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.13.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.13.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.13.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-cloud-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-headers-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.13.0-1009", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.13.0-1009", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.13.0-1009", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1024-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1024-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1007-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-44", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-23", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1007-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11-headers-5.11.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11-tools-5.11.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.11.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.13.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.11.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.13.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1024-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1024-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1007-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-5.11.0-44", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-headers-5.11.0-44", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-source-5.11.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-5.11.0-44", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.11.0-1021", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.13.0-1007", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.11.0-1021", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.13.0-1007", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1024-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1024-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-headers-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1024-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1024-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-44-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1007-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1007-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1007-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1008-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1008-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.13.0-1011", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.11.0-1023", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.13.0-1011", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.11.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.13.0-1012", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.11.0-1024", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.13.0-1012", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.11.0", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.13.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1021-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1023-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1023-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1023-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1024-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1024-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1024-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1009-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1011-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1012-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1012-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-nolpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge"], "id": "UBUNTU_USN-5208-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156486", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5208-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156486);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2021-3760\",\n \"CVE-2021-4002\",\n \"CVE-2021-20321\",\n \"CVE-2021-41864\",\n \"CVE-2021-43056\",\n \"CVE-2021-43267\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5208-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 21.04 / 21.10 : Linux kernel vulnerabilities (USN-5208-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 21.04 / 21.10 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5208-1 advisory.\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-\n Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of\n user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5208-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43267\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-cloud-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-headers-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.11-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.13.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.13.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.13.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-cloud-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-headers-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.11-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.13.0-1009\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.13.0-1009\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.13.0-1009\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1024-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-1024-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1007-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11-headers-5.11.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.11-tools-5.11.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.11.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.13.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.11.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.13.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1024-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-1024-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1007-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-5.11.0-44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-headers-5.11.0-44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-source-5.11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-5.11.0-44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.11-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1024-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-1024-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1007-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-44-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1007-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.11.0-1021\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.13.0-1007\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.11.0-1021\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.13.0-1007\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1024-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-1024-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1007-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-headers-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.11-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.13.0-1011\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.11.0-1023\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.13.0-1011\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.11.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.13.0-1012\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.11.0-1024\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.13.0-1012\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1021-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1023-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1023-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1023-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1024-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1024-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-1024-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.11.0-44-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1007-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1008-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1008-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1009-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1011-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1012-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1012-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-23-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-64k-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-nolpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-20.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-20.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release || '21.04' >< os_release || '21.10' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 21.04 / 21.10', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-aws', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.11-cloud-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.11-headers-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-aws-5.11-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.11-cloud-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.11-headers-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-azure-5.11-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-gcp', 'pkgver': '5.11.0.1024.26~20.04.24'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-5.11-headers-5.11.0-1024', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-5.11-tools-5.11.0-1024', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.11.0.1024.26~20.04.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-cloud-tools-5.11.0-44', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-cloud-tools-common', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-headers-5.11.0-44', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-source-5.11.0', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-tools-5.11.0-44', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-tools-common', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-hwe-5.11-tools-host', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.11.0.1024.26~20.04.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.11.0.1024.26~20.04.24'},\n {'osver': '20.04', 'pkgname': 'linux-oracle', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.11-headers-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-5.11-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26~20.04.1'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-44-generic', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48~20.04.2'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.11.0.1023.24~20.04.23'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.11.0.1024.26~20.04.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.11.0.1023.24~20.04.16'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.11.0.44.48~20.04.22'},\n {'osver': '21.04', 'pkgname': 'linux-aws', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-aws-cloud-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-aws-headers-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-aws-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-azure', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-azure-cloud-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-azure-headers-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-azure-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1021-kvm', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1024-raspi', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-1024-raspi-nolpae', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-buildinfo-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-44', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-gcp', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-gcp-headers-5.11.0-1024', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-gcp-tools-5.11.0-1024', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-generic', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-64k', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-gke', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1021-kvm', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1024-raspi', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-1024-raspi-nolpae', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-44', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-headers-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-64k', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-gke', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.11.0.1021.22'},\n {'osver': '21.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-headers-raspi-nolpae', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-headers-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1021-kvm', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1024-raspi', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-1024-raspi-nolpae', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-extra-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.11.0.1021.22'},\n {'osver': '21.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1021-kvm', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-unsigned-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-kvm', 'pkgver': '5.11.0.1021.22'},\n {'osver': '21.04', 'pkgname': 'linux-kvm-headers-5.11.0-1021', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-kvm-tools-5.11.0-1021', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-libc-dev', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-lowlatency', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1021-kvm', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1024-raspi', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-1024-raspi-nolpae', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-modules-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-oracle', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-oracle-headers-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-oracle-tools-5.11.0-1023', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-raspi', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-raspi-headers-5.11.0-1024', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-raspi-nolpae', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-raspi-tools-5.11.0-1024', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-source', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-source-5.11.0', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1021-kvm', 'pkgver': '5.11.0-1021.23'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1023-aws', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1023-azure', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1023-oracle', 'pkgver': '5.11.0-1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1024-gcp', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1024-raspi', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-1024-raspi-nolpae', 'pkgver': '5.11.0-1024.26'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-44', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-44-generic', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-44-generic-64k', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-44-generic-lpae', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-5.11.0-44-lowlatency', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-common', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-64k', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-64k-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-gke', 'pkgver': '5.11.0.1024.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-host', 'pkgver': '5.11.0-44.48'},\n {'osver': '21.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.11.0.1021.22'},\n {'osver': '21.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.11.0.1023.24'},\n {'osver': '21.04', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-tools-raspi-nolpae', 'pkgver': '5.11.0.1024.22'},\n {'osver': '21.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-tools-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-virtual', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.04', 'pkgname': 'linux-virtual-hwe-20.04-edge', 'pkgver': '5.11.0.44.44'},\n {'osver': '21.10', 'pkgname': 'linux-aws', 'pkgver': '5.13.0.1008.10'},\n {'osver': '21.10', 'pkgname': 'linux-aws-cloud-tools-5.13.0-1008', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-aws-headers-5.13.0-1008', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-aws-tools-5.13.0-1008', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-azure', 'pkgver': '5.13.0.1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-azure-cloud-tools-5.13.0-1009', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-azure-headers-5.13.0-1009', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-azure-tools-5.13.0-1009', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1007-kvm', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1012-raspi', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-1012-raspi-nolpae', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-23-generic-64k', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-23-generic-lpae', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-buildinfo-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-23', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.13.0.1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-generic-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-cloud-tools-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-crashdump', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-gcp', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-gcp-headers-5.13.0-1008', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-gcp-tools-5.13.0-1008', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-generic', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-gke', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1007-kvm', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1012-raspi', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-1012-raspi-nolpae', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-23', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-23-generic-64k', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-23-generic-lpae', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-headers-aws', 'pkgver': '5.13.0.1008.10'},\n {'osver': '21.10', 'pkgname': 'linux-headers-azure', 'pkgver': '5.13.0.1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-gke', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.13.0.1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-oem-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.13.0.1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-headers-raspi-nolpae', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-headers-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1007-kvm', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1012-raspi', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-1012-raspi-nolpae', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-23-generic-64k', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-23-generic-lpae', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-aws', 'pkgver': '5.13.0.1008.10'},\n {'osver': '21.10', 'pkgname': 'linux-image-azure', 'pkgver': '5.13.0.1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-extra-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-gcp', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-gke', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-image-kvm', 'pkgver': '5.13.0.1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-oem-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-oracle', 'pkgver': '5.13.0.1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-image-raspi', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-image-raspi-nolpae', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1007-kvm', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-23-generic-64k', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-unsigned-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-image-virtual', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-virtual-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-image-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-kvm', 'pkgver': '5.13.0.1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-kvm-headers-5.13.0-1007', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-kvm-tools-5.13.0-1007', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-libc-dev', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-lowlatency', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-lowlatency-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1007-kvm', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1012-raspi', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-1012-raspi-nolpae', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-23-generic-64k', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-23-generic-lpae', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1012-raspi', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-1012-raspi-nolpae', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.13.0.1008.10'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.13.0.1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-raspi', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-modules-extra-raspi-nolpae', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-oem-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-oracle', 'pkgver': '5.13.0.1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-oracle-headers-5.13.0-1011', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-oracle-tools-5.13.0-1011', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-raspi', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-raspi-headers-5.13.0-1012', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-raspi-nolpae', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-raspi-tools-5.13.0-1012', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-source', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-source-5.13.0', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1007-kvm', 'pkgver': '5.13.0-1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1008-aws', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1008-gcp', 'pkgver': '5.13.0-1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1009-azure', 'pkgver': '5.13.0-1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1011-oracle', 'pkgver': '5.13.0-1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1012-raspi', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-1012-raspi-nolpae', 'pkgver': '5.13.0-1012.14'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-23', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-23-generic', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-23-generic-64k', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-23-generic-lpae', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-5.13.0-23-lowlatency', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-aws', 'pkgver': '5.13.0.1008.10'},\n {'osver': '21.10', 'pkgname': 'linux-tools-azure', 'pkgver': '5.13.0.1009.10'},\n {'osver': '21.10', 'pkgname': 'linux-tools-common', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-64k', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-64k-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-64k-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-generic-lpae-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-gke', 'pkgver': '5.13.0.1008.9'},\n {'osver': '21.10', 'pkgname': 'linux-tools-host', 'pkgver': '5.13.0-23.23'},\n {'osver': '21.10', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.13.0.1007.7'},\n {'osver': '21.10', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-lowlatency-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-lowlatency-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-oem-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.13.0.1011.13'},\n {'osver': '21.10', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-tools-raspi-nolpae', 'pkgver': '5.13.0.1012.18'},\n {'osver': '21.10', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-virtual-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-tools-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-virtual', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-virtual-hwe-20.04', 'pkgver': '5.13.0.23.34'},\n {'osver': '21.10', 'pkgname': 'linux-virtual-hwe-20.04-edge', 'pkgver': '5.13.0.23.34'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-5.11-cloud-tools-5.11.0-1023 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:15", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5165-1 advisory.\n\n - dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. (CVE-2021-42327)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter- Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5165-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3760", "CVE-2021-3772", "CVE-2021-42327", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.14.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.14.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04d", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04d", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.14.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.14.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04d", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-headers-5.14.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-5.14.0-1008", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.14.0-1008-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04d"], "id": "UBUNTU_USN-5165-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155750", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5165-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155750);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-42327\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43267\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5165-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5165-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5165-1 advisory.\n\n - dp_link_settings_write in drivers/gpu/drm/amd/display/amdgpu_dm/amdgpu_dm_debugfs.c in the Linux kernel\n through 5.14.14 allows a heap-based buffer overflow by an attacker who can write a string to the AMD GPU\n display drivers debug filesystem. There are no checks on size within parse_write_buffer_into_params when\n it uses the size of copy_from_user to copy a userspace buffer into a 40-byte heap buffer. (CVE-2021-42327)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-\n Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of\n user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5165-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43267\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.14.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.14.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.14.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.14.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04d\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-headers-5.14.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-5.14.0-1008\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.14-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.14.0-1008-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04d\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('ubuntu.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2021-3760', 'CVE-2021-3772', 'CVE-2021-42327', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43267', 'CVE-2021-43389');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5165-1');\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.14.0-1008-oem', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.14.0-1008-oem', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04d', 'pkgver': '5.14.0.1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.14.0-1008-oem', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04d', 'pkgver': '5.14.0.1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.14.0-1008-oem', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.14.0-1008-oem', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04d', 'pkgver': '5.14.0.1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-headers-5.14.0-1008', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-tools-5.14.0-1008', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.14-tools-host', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.14.0-1008-oem', 'pkgver': '5.14.0-1008.8'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04d', 'pkgver': '5.14.0.1008.8'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-buildinfo-5.14.0-1008-oem / linux-headers-5.14.0-1008-oem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:24:14", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5210-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-06T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5210-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2023-07-12T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-crashdump", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1057", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1029", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1029", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1029", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1010", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1010", "p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1051", "p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1051", "p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1059", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1048", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1048", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-source", "p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-cloud-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-headers-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1061", "p-cpe:/a:canonical:ubuntu_linux:linux-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1065", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1010-ibm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1048-raspi", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1051-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1057-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1029-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1061-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1065-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04"], "id": "UBUNTU_USN-5210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156481", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5210-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156481);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2020-26541\",\n \"CVE-2021-3760\",\n \"CVE-2021-4002\",\n \"CVE-2021-20321\",\n \"CVE-2021-41864\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5210-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-5210-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the USN-5210-1 advisory.\n\n - The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database\n (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c.\n (CVE-2020-26541)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5210-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-41864\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-cloud-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-headers-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-5.4-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-cloud-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-headers-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-aws-tools-5.4.0-1061\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-cloud-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-headers-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-5.4-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-cloud-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-headers-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-azure-tools-5.4.0-1065\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-cloud-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-crashdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-5.4-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gcp-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-headers-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-5.4-tools-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-headers-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gke-tools-5.4.0-1057\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-cloud-tools-5.4.0-1029\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-headers-5.4.0-1029\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-gkeop-tools-5.4.0-1029\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-headers-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-hwe-5.4-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-cloud-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-headers-5.4.0-1010\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-5.4.0-1010\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-ibm-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-headers-5.4.0-1051\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-kvm-tools-5.4.0-1051\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-extra-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-osp1-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-5.4-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-headers-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oracle-tools-5.4.0-1059\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-headers-5.4.0-1048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi-tools-5.4.0-1048\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-image-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-signed-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-source-5.4.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1010-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1029-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1048-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1051-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1057-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1059-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1061-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-1065-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.4.0-92-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-aws-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-azure-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gcp-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-generic-lpae-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gke-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-gkeop-5.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-ibm-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-lowlatency-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-osp1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oracle-lts-20.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-raspi2-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-snapdragon-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-virtual-hwe-18.04-edge\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-virtual-hwe-18.04-edge\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'linux-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-cloud-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-headers-5.4.0-1061', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-5.4-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-cloud-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-headers-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-5.4-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-buildinfo-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-5.4-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-headers-5.4.0-1057', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gke-5.4-tools-5.4.0-1057', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-cloud-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-headers-5.4.0-1029', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-source-5.4.0', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-gkeop-5.4-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-headers-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-headers-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-5.4.0-92', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-cloud-tools-common', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-headers-5.4.0-92', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-source-5.4.0', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-5.4.0-92', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-hwe-5.4-tools-common', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-image-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-image-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-modules-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-5.4-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-image-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-signed-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68~18.04.1'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103~18.04.2'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-tools-aws-edge', 'pkgver': '5.4.0.1061.44'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-azure-edge', 'pkgver': '5.4.0.1065.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gcp-edge', 'pkgver': '5.4.0.1059.45'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1057.60~18.04.22'},\n {'osver': '18.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.30~18.04.30'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-tools-oracle-edge', 'pkgver': '5.4.0.1059.63~18.04.39'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-snapdragon-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '18.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.103~18.04.82'},\n {'osver': '20.04', 'pkgname': 'linux-aws-cloud-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-aws-headers-5.4.0-1061', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-aws-tools-5.4.0-1061', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-azure-cloud-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-azure-headers-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-azure-tools-5.4.0-1065', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield-headers-5.4.0-1023', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-bluefield-tools-5.4.0-1023', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-92', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-common', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-cloud-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-crashdump', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-gcp-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-gke-headers-5.4.0-1057', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-gke-tools-5.4.0-1057', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-cloud-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-headers-5.4.0-1029', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-source-5.4.0', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-gkeop-tools-5.4.0-1029', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-headers-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-headers-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-headers-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-headers-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-headers-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-cloud-tools-common', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-headers-5.4.0-1010', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-source-5.4.0', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-5.4.0-1010', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-ibm-tools-common', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-extra-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-image-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-headers-5.4.0-1051', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-kvm-tools-5.4.0-1051', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-libc-dev', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-modules-extra-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oem-osp1-tools-host', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oem-tools-host', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-headers-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-oracle-tools-5.4.0-1059', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-headers-5.4.0-1048', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi-tools-5.4.0-1048', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-source', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-source-5.4.0', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1010-ibm', 'pkgver': '5.4.0-1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1023-bluefield', 'pkgver': '5.4.0-1023.26'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1029-gkeop', 'pkgver': '5.4.0-1029.30'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1048-raspi', 'pkgver': '5.4.0-1048.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1051-kvm', 'pkgver': '5.4.0-1051.53'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1057-gke', 'pkgver': '5.4.0-1057.60'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1059-gcp', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1059-oracle', 'pkgver': '5.4.0-1059.63'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1061-aws', 'pkgver': '5.4.0-1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-1065-azure', 'pkgver': '5.4.0-1065.68'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92-generic', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92-generic-lpae', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.4.0-92-lowlatency', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-aws-lts-20.04', 'pkgver': '5.4.0.1061.64'},\n {'osver': '20.04', 'pkgname': 'linux-tools-azure-lts-20.04', 'pkgver': '5.4.0.1065.63'},\n {'osver': '20.04', 'pkgname': 'linux-tools-bluefield', 'pkgver': '5.4.0.1023.24'},\n {'osver': '20.04', 'pkgname': 'linux-tools-common', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gcp-lts-20.04', 'pkgver': '5.4.0.1059.69'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-generic-lpae-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gke-5.4', 'pkgver': '5.4.0.1057.67'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-gkeop-5.4', 'pkgver': '5.4.0.1029.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-host', 'pkgver': '5.4.0-92.103'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-ibm-lts-20.04', 'pkgver': '5.4.0.1010.11'},\n {'osver': '20.04', 'pkgname': 'linux-tools-kvm', 'pkgver': '5.4.0.1051.50'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-lowlatency-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-osp1', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oracle-lts-20.04', 'pkgver': '5.4.0.1059.59'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-raspi2-hwe-18.04-edge', 'pkgver': '5.4.0.1048.83'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-tools-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-virtual', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04', 'pkgver': '5.4.0.92.96'},\n {'osver': '20.04', 'pkgname': 'linux-virtual-hwe-18.04-edge', 'pkgver': '5.4.0.92.96'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-aws / linux-aws-5.4-cloud-tools-5.4.0-1061 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:23:19", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5218-1 advisory.\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter- Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-11T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5218-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-4204", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2023-07-12T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04c", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-headers-5.13.0-1026", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-5.13.0-1026", "p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-host", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1026-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04c"], "id": "UBUNTU_USN-5218-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156613", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5218-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156613);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2021-3760\",\n \"CVE-2021-4002\",\n \"CVE-2021-4204\",\n \"CVE-2021-20321\",\n \"CVE-2021-41864\",\n \"CVE-2021-43056\",\n \"CVE-2021-43267\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"USN\", value:\"5218-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5218-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5218-1 advisory.\n\n - An issue was discovered in net/tipc/crypto.c in the Linux kernel before 5.14.16. The Transparent Inter-\n Process Communication (TIPC) functionality allows remote attackers to exploit insufficient validation of\n user-supplied sizes for the MSG_CRYPTO message type. (CVE-2021-43267)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5218-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-43267\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-buildinfo-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-headers-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-unsigned-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-modules-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-20.04c\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-headers-5.13.0-1026\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-5.13.0-1026\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-oem-5.13-tools-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-5.13.0-1026-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-tools-oem-20.04c\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'linux-buildinfo-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-headers-oem-20.04c', 'pkgver': '5.13.0.1026.29'},\n {'osver': '20.04', 'pkgname': 'linux-image-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-image-oem-20.04c', 'pkgver': '5.13.0.1026.29'},\n {'osver': '20.04', 'pkgname': 'linux-image-unsigned-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-modules-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-oem-20.04c', 'pkgver': '5.13.0.1026.29'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.13-headers-5.13.0-1026', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.13-tools-5.13.0-1026', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-oem-5.13-tools-host', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-5.13.0-1026-oem', 'pkgver': '5.13.0-1026.32'},\n {'osver': '20.04', 'pkgname': 'linux-tools-oem-20.04c', 'pkgver': '5.13.0.1026.29'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-buildinfo-5.13.0-1026-oem / linux-headers-5.13.0-1026-oem / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:37:36", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3754-1 advisory.\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-20T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3754-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3754-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155643", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3754-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155643);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3754-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3754-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3754-1 advisory.\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009757.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b0e25397\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.93.1.9.42.5', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.93.1.9.42.5', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.93.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.93.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.93.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.93.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.93.1', 'sp':'2', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-24.93.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-24_93-default-1-5.3.5', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-extra-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'kernel-default-extra-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'kernel-preempt-extra-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']},\n {'reference':'kernel-preempt-extra-5.3.18-24.93.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:37:36", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3658-1 advisory.\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-12T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3658-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3658-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155303", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3658-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155303);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3658-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3658-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3658-1 advisory.\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009719.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c078e277\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'dlm-kmp-rt-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'gfs2-kmp-rt-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-devel-rt-5.3.18-57.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt-devel-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt_debug-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt_debug-devel-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-source-rt-5.3.18-57.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-syms-rt-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'ocfs2-kmp-rt-5.3.18-57.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:38:15", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3640-1 advisory.\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3640-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3640-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155007", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3640-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155007);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3640-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3640-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3640-1 advisory.\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009710.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?733f06ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/08/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-18.72.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-azure-devel-5.3.18-18.72.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-devel-azure-5.3.18-18.72.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-source-azure-5.3.18-18.72.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']},\n {'reference':'kernel-syms-azure-5.3.18-18.72.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:38:04", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3655-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-12T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3655-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_30-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3655-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155302", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3655-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155302);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3655-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3655-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3655-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a\n type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute\n arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009720.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?97ec4084\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_30-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-59.30.1.18.17.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-59.30.1.18.17.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-devel-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-devel-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-macros-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-macros-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-59.30.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-59.30.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.30.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-source-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-source-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-syms-5.3.18-59.30.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-syms-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-59.30.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-59_30-default-1-7.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-59.30.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T18:45:38", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3641-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3641-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3641-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155006", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3641-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155006);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3641-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3641-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3641-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a\n type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute\n arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009709.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?badb6b03\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-38.28.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-38.28.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-38.28.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-38.28.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-38.28.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:37:28", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3642-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3642-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3642-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155003", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3642-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155003);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3642-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:3642-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3642-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a\n type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute\n arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009708.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92aec9e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-60.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-60.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:16:29", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3641-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-10T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3641-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-azure", "p-cpe:/a:novell:opensuse:dlm-kmp-azure", "p-cpe:/a:novell:opensuse:gfs2-kmp-azure", "p-cpe:/a:novell:opensuse:kernel-azure", "p-cpe:/a:novell:opensuse:kernel-azure-devel", "p-cpe:/a:novell:opensuse:kernel-azure-extra", "p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-azure-optional", "p-cpe:/a:novell:opensuse:kernel-devel-azure", "p-cpe:/a:novell:opensuse:kernel-source-azure", "p-cpe:/a:novell:opensuse:kernel-syms-azure", "p-cpe:/a:novell:opensuse:kselftests-kmp-azure", "p-cpe:/a:novell:opensuse:ocfs2-kmp-azure", "p-cpe:/a:novell:opensuse:reiserfs-kmp-azure", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3641.NASL", "href": "https://www.tenable.com/plugins/nessus/155009", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3641-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155009);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3641-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3641-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a\n reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3542)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a\n reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RDPFUBRGNGPD3YZQTYFCSNGZKH75ZKUP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f8e7d85\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-devel-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-extra-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-optional-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-azure-5.3.18-38.28.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-azure-5.3.18-38.28.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-azure-5.3.18-38.28.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-azure-5.3.18-38.28.2', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:17:21", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3675-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3675-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-37159", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb", "p-cpe:/a:novell:opensuse:cluster-md-kmp-default", "p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt", "p-cpe:/a:novell:opensuse:dlm-kmp-64kb", "p-cpe:/a:novell:opensuse:dlm-kmp-default", "p-cpe:/a:novell:opensuse:dlm-kmp-preempt", "p-cpe:/a:novell:opensuse:dtb-al", "p-cpe:/a:novell:opensuse:dtb-allwinner", "p-cpe:/a:novell:opensuse:dtb-altera", "p-cpe:/a:novell:opensuse:dtb-amd", "p-cpe:/a:novell:opensuse:dtb-amlogic", "p-cpe:/a:novell:opensuse:dtb-apm", "p-cpe:/a:novell:opensuse:dtb-zte", "p-cpe:/a:novell:opensuse:dtb-arm", "p-cpe:/a:novell:opensuse:dtb-broadcom", "p-cpe:/a:novell:opensuse:dtb-cavium", "p-cpe:/a:novell:opensuse:gfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:dtb-exynos", "p-cpe:/a:novell:opensuse:gfs2-kmp-default", "p-cpe:/a:novell:opensuse:dtb-freescale", "p-cpe:/a:novell:opensuse:dtb-hisilicon", "p-cpe:/a:novell:opensuse:gfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:dtb-lg", "p-cpe:/a:novell:opensuse:dtb-marvell", "p-cpe:/a:novell:opensuse:dtb-mediatek", "p-cpe:/a:novell:opensuse:kernel-64kb", "p-cpe:/a:novell:opensuse:dtb-nvidia", "p-cpe:/a:novell:opensuse:kernel-64kb-devel", "p-cpe:/a:novell:opensuse:dtb-qcom", "p-cpe:/a:novell:opensuse:dtb-renesas", "p-cpe:/a:novell:opensuse:dtb-rockchip", "p-cpe:/a:novell:opensuse:kernel-64kb-extra", "p-cpe:/a:novell:opensuse:dtb-socionext", "p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel", "p-cpe:/a:novell:opensuse:dtb-sprd", "p-cpe:/a:novell:opensuse:dtb-xilinx", "p-cpe:/a:novell:opensuse:kernel-64kb-optional", "cpe:/o:novell:opensuse:15.3", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-extra", "p-cpe:/a:novell:opensuse:kernel-default-livepatch", "p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-default-optional", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-extra", "p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-optional", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-zfcpdump", "p-cpe:/a:novell:opensuse:kselftests-kmp-64kb", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:kselftests-kmp-preempt", "p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:ocfs2-kmp-default", "p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb", "p-cpe:/a:novell:opensuse:reiserfs-kmp-default", "p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt"], "id": "OPENSUSE-2021-3675.NASL", "href": "https://www.tenable.com/plugins/nessus/155383", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3675-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155383);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3675-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3675-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a\n reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3542)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a\n reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1089118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192549\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/YKWZ52CYLL6JHU7XBR4T2MCMZQTD4U57/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?48131813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-al\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-allwinner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-altera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-amd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-amlogic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-apm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-broadcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-cavium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-exynos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-freescale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-hisilicon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-mediatek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-nvidia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-qcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-renesas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-rockchip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-socionext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-sprd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-xilinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-zte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-al-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-allwinner-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-altera-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-amd-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-amlogic-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-apm-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-arm-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-broadcom-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-cavium-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-exynos-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-freescale-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-hisilicon-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-lg-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-marvell-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-mediatek-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-nvidia-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-qcom-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-renesas-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-rockchip-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-socionext-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-sprd-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-xilinx-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-zte-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-extra-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-optional-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-5.3.18-59.34.1.18.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-rebuild-5.3.18-59.34.1.18.21.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-devel-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-extra-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-livepatch-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-livepatch-devel-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-optional-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-macros-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-build-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-qa-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-extra-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-extra-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-optional-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-optional-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-vanilla-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.3.18-59.34.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-64kb-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-default-5.3.18-59.34.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-preempt-5.3.18-59.34.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-preempt-5.3.18-59.34.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T15:14:39", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3675-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3675-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-37159", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3675-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155467", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3675-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155467);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3675-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:3675-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3675-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel\n 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in\n order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The\n issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a\n type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute\n arbitrary code in the context of the kernel. Was ZDI-CAN-14689. (CVE-2021-34866)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - A flaw was found in the Routing decision classifier in the Linux kernel's Traffic Control networking\n subsystem in the way it handled changing of classification filters, leading to a use-after-free condition.\n This flaw allows unprivileged local users to escalate their privileges on the system. The highest threat\n from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3715)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1089118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180749\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191851\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191980\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43389\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-November/009734.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b76fee2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-42252\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-59_34-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-59.34.1.18.21.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-59.34.1.18.21.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-devel-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-devel-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-macros-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-macros-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-59.34.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-59.34.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-source-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-source-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-syms-5.3.18-59.34.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-syms-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-59.34.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-59_34-default-1-7.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-59.34.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:57", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3655-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-12T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3655-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33033", "CVE-2021-34866", "CVE-2021-3542", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-02-01T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb", "p-cpe:/a:novell:opensuse:cluster-md-kmp-default", "p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt", "p-cpe:/a:novell:opensuse:dlm-kmp-64kb", "p-cpe:/a:novell:opensuse:dlm-kmp-default", "p-cpe:/a:novell:opensuse:dlm-kmp-preempt", "p-cpe:/a:novell:opensuse:dtb-al", "p-cpe:/a:novell:opensuse:dtb-allwinner", "p-cpe:/a:novell:opensuse:dtb-altera", "p-cpe:/a:novell:opensuse:dtb-amd", "p-cpe:/a:novell:opensuse:dtb-amlogic", "p-cpe:/a:novell:opensuse:dtb-apm", "p-cpe:/a:novell:opensuse:dtb-arm", "p-cpe:/a:novell:opensuse:dtb-broadcom", "p-cpe:/a:novell:opensuse:dtb-cavium", "p-cpe:/a:novell:opensuse:dtb-exynos", "p-cpe:/a:novell:opensuse:dtb-freescale", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:dtb-hisilicon", "p-cpe:/a:novell:opensuse:dtb-lg", "p-cpe:/a:novell:opensuse:dtb-marvell", "p-cpe:/a:novell:opensuse:dtb-mediatek", "p-cpe:/a:novell:opensuse:kernel-zfcpdump", "p-cpe:/a:novell:opensuse:dtb-nvidia", "p-cpe:/a:novell:opensuse:dtb-qcom", "p-cpe:/a:novell:opensuse:kselftests-kmp-64kb", "p-cpe:/a:novell:opensuse:dtb-renesas", "p-cpe:/a:novell:opensuse:dtb-rockchip", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:dtb-socionext", "p-cpe:/a:novell:opensuse:dtb-sprd", "p-cpe:/a:novell:opensuse:dtb-xilinx", "p-cpe:/a:novell:opensuse:kselftests-kmp-preempt", "p-cpe:/a:novell:opensuse:dtb-zte", "p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:gfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:gfs2-kmp-default", "p-cpe:/a:novell:opensuse:ocfs2-kmp-default", "p-cpe:/a:novell:opensuse:gfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:kernel-64kb", "p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:kernel-64kb-devel", "p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb", "p-cpe:/a:novell:opensuse:kernel-64kb-extra", "p-cpe:/a:novell:opensuse:reiserfs-kmp-default", "p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-64kb-optional", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel", "cpe:/o:novell:opensuse:15.3", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-extra", "p-cpe:/a:novell:opensuse:kernel-default-livepatch", "p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-default-optional", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-extra", "p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-optional", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla"], "id": "OPENSUSE-2021-3655.NASL", "href": "https://www.tenable.com/plugins/nessus/155299", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3655-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155299);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/01\");\n\n script_cve_id(\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34866\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:3655-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3655-1 advisory.\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a\n reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3542)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a\n reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ET2XZDZ74SKULHCBR4GCFG3KJRMSHJQQ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7172afb4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-34866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-al\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-allwinner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-altera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-amd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-amlogic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-apm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-broadcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-cavium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-exynos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-freescale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-hisilicon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-mediatek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-nvidia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-qcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-renesas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-rockchip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-socionext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-sprd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-xilinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-zte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-al-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-allwinner-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-altera-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-amd-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-amlogic-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-apm-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-arm-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-broadcom-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-cavium-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-exynos-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-freescale-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-hisilicon-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-lg-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-marvell-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-mediatek-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-nvidia-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-qcom-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-renesas-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-rockchip-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-socionext-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-sprd-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-xilinx-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-zte-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-devel-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-extra-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-optional-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-5.3.18-59.30.1.18.17.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-rebuild-5.3.18-59.30.1.18.17.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-devel-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-extra-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-livepatch-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-livepatch-devel-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-optional-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-devel-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-macros-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-build-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-qa-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-extra-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-extra-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-optional-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-optional-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-vanilla-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.3.18-59.30.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-64kb-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-default-5.3.18-59.30.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-preempt-5.3.18-59.30.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-preempt-5.3.18-59.30.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:01", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1460-1 advisory.\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.\n (CVE-2021-35477)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-09T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1460-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2021-33033", "CVE-2021-34556", "CVE-2021-3542", "CVE-2021-35477", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-02-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1460.NASL", "href": "https://www.tenable.com/plugins/nessus/154975", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1460-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154975);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/28\");\n\n script_cve_id(\n \"CVE-2018-13405\",\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34556\",\n \"CVE-2021-35477\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1460-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1460-1 advisory.\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create\n files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and\n is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a\n plain file whose group ownership is that group. The intended behavior was that the non-member can trigger\n creation of a directory (but not a plain file) whose group ownership is that group. The non-member can\n escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from\n kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects\n the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a\n reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3542)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from\n kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store\n operation does not necessarily occur before a store operation that has an attacker-controlled value.\n (CVE-2021-35477)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a\n reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1100416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MLGTNISZMAYBWA26GZHGZYQYWHM3VSZI/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?28df09d4\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'kernel-debug-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-5.3.18-lp152.98.1.lp152.8.46.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-rebuild-5.3.18-lp152.98.1.lp152.8.46.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-devel-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.3.18-lp152.98.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-devel-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-macros-5.3.18-lp152.98.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-build-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-qa-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-5.3.18-lp152.98.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-vanilla-5.3.18-lp152.98.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-5.3.18-lp152.98.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug / kernel-debug-devel / kernel-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:59", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1477-1 advisory.\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3542)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store operation does not necessarily occur before a store operation that has an attacker-controlled value.\n (CVE-2021-35477)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-16T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1477-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13405", "CVE-2021-33033", "CVE-2021-34556", "CVE-2021-3542", "CVE-2021-35477", "CVE-2021-3655", "CVE-2021-3715", "CVE-2021-3760", "CVE-2021-3772", "CVE-2021-3896", "CVE-2021-41864", "CVE-2021-42008", "CVE-2021-42252", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-02-28T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1477.NASL", "href": "https://www.tenable.com/plugins/nessus/155358", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1477-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155358);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/28\");\n\n script_cve_id(\n \"CVE-2018-13405\",\n \"CVE-2021-3542\",\n \"CVE-2021-3655\",\n \"CVE-2021-3715\",\n \"CVE-2021-3760\",\n \"CVE-2021-3772\",\n \"CVE-2021-3896\",\n \"CVE-2021-33033\",\n \"CVE-2021-34556\",\n \"CVE-2021-35477\",\n \"CVE-2021-41864\",\n \"CVE-2021-42008\",\n \"CVE-2021-42252\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2021:1477-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1477-1 advisory.\n\n - The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create\n files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and\n is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a\n plain file whose group ownership is that group. The intended behavior was that the non-member can trigger\n creation of a directory (but not a plain file) whose group ownership is that group. The non-member can\n escalate privileges by making the plain file executable and SGID. (CVE-2018-13405)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from\n kernel memory via a Speculative Store Bypass side-channel attack because the protection mechanism neglects\n the possibility of uninitialized memory locations on the BPF stack. (CVE-2021-34556)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a\n reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3542)\n\n - In the Linux kernel through 5.13.7, an unprivileged BPF program can obtain sensitive information from\n kernel memory via a Speculative Store Bypass side-channel attack because a certain preempting store\n operation does not necessarily occur before a store operation that has an attacker-controlled value.\n (CVE-2021-35477)\n\n - A vulnerability was found in the Linux kernel in versions prior to v5.14-rc1. Missing size validations on\n inbound SCTP packets may allow the kernel to read uninitialized memory. (CVE-2021-3655)\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-43389. Reason: This candidate is a\n reservation duplicate of CVE-2021-43389. Notes: All CVE users should reference CVE-2021-43389 instead of\n this candidate. All references and descriptions in this candidate have been removed to prevent accidental\n usage. (CVE-2021-3896)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel through 5.14.9 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab\n out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.\n (CVE-2021-42008)\n\n - An issue was discovered in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c in the Linux\n kernel before 5.14.6. Local attackers able to access the Aspeed LPC control interface could overwrite\n memory in the kernel and potentially execute privileges, aka CID-b49a0e69a7b1. This occurs because a\n certain comparison uses values that are not memory sizes. (CVE-2021-42252)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1085030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1100416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1129735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1157177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188563\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188983\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190006\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190067\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190795\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191238\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191315\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191450\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192040\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192041\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192549\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/J325P6NPH7BF7P7B3LO6FGQNCTFNGKEW/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7ad35c01\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-13405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-34556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3542\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-35477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42252\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'kernel-debug-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-5.3.18-lp152.102.1.lp152.8.49.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-rebuild-5.3.18-lp152.102.1.lp152.8.49.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-macros-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-build-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-qa-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-vanilla-5.3.18-lp152.102.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-5.3.18-lp152.102.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug / kernel-debug-devel / kernel-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:57", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1988 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io (CVE-2021-4093)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4093", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161047", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1988. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161047);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1988\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1988 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients\n (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io (CVE-2021-4093)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c\n leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS\n via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes\n (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-4788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1985353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2004949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2013180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2017073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2018205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2028584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2029923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2035652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2036934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2042822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064855\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 125, 129, 190, 200, 252, 284, 287, 327, 330, 354, 362, 400, 401, 416, 459, 476, 681, 787, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-4788', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4093', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-21781', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:1988');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:18", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory.\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3743)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. (CVE-2021-3773)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2019-18808", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161305", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-1988.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161305);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-1988 advisory.\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system\n crash or a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-3743)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint\n information for further use in traditional network attacks. (CVE-2021-3773)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66\n and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read\n the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's\n memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222\n 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local\n denial of service. (CVE-2022-0286)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-1988.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-372.9.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-1988');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:19", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1988 advisory.\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3743)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. (CVE-2021-3773)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2019-18808", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161093", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:1988.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"ALSA\", value:\"2022:1988\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:1988 advisory.\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system\n crash or a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-3743)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint\n information for further use in traditional network attacks. (CVE-2021-3773)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66\n and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read\n the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's\n memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222\n 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local\n denial of service. (CVE-2022-0286)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-1988.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-4788', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-21781', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:1988');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2023-06-06T15:32:39", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-bluefield \\- Linux kernel for NVIDIA BlueField platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the Linux kernel did not properly enforce certain \ntypes of entries in the Secure Boot Forbidden Signature Database (aka dbx) \nprotection mechanism. An attacker could use this to bypass UEFI Secure Boot \nrestrictions. (CVE-2020-26541)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-06T00:00:00", "id": "USN-5210-1", "href": "https://ubuntu.com/security/notices/USN-5210-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-24T10:38:07", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.14 \\- Linux kernel for OEM systems\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that the SCTP protocol implementation in the Linux kernel \ndid not properly verify VTAGs in some situations. A remote attacker could \npossibly use this to cause a denial of service (connection disassociation). \n(CVE-2021-3772)\n\nIt was discovered that the AMD Radeon GPU driver in the Linux kernel did \nnot properly validate writes in the debugfs file system. A privileged \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-42327)\n\nLuo Likang discovered that the FireDTV Firewire driver in the Linux kernel \ndid not properly perform bounds checking in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-42739)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly validate MSG_CRYPTO messages in some situations. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-30T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3760", "CVE-2021-3772", "CVE-2021-42327", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2021-11-30T00:00:00", "id": "USN-5165-1", "href": "https://ubuntu.com/security/notices/USN-5165-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-06T15:32:32", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n\nUSN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, \nthat update introduced a regression that caused failures to boot in \nenvironments with AMD Secure Encrypted Virtualization (SEV) enabled. \nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the Linux kernel did not properly enforce certain \ntypes of entries in the Secure Boot Forbidden Signature Database (aka dbx) \nprotection mechanism. An attacker could use this to bypass UEFI Secure Boot \nrestrictions. (CVE-2020-26541)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-12T00:00:00", "type": "ubuntu", "title": "Linux kernel regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-12T00:00:00", "id": "USN-5210-2", "href": "https://ubuntu.com/security/notices/USN-5210-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:39:06", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.10 \\- Linux kernel for OEM systems\n\nIlja Van Sprundel discovered that the SCTP implementation in the Linux \nkernel did not properly perform size validations on incoming packets in \nsome situations. An attacker could possibly use this to expose sensitive \ninformation (kernel memory). (CVE-2021-3655)\n\nIt was discovered that the AMD Cryptographic Coprocessor (CCP) driver in \nthe Linux kernel did not properly deallocate memory in some error \nconditions. A local attacker could use this to cause a denial of service \n(memory exhaustion). (CVE-2021-3744, CVE-2021-3764)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM 5.10) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3655", "CVE-2021-3744", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2021-11-11T00:00:00", "id": "USN-5139-1", "href": "https://ubuntu.com/security/notices/USN-5139-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-27T14:57:26", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 21.04 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.11 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.11 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.11 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe-5.11 \\- Linux hardware enablement (HWE) kernel\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.11 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly validate MSG_CRYPTO messages in some situations. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-06T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2022-01-06T00:00:00", "id": "USN-5208-1", "href": "https://ubuntu.com/security/notices/USN-5208-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-27T00:33:40", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.13 \\- Linux kernel for OEM systems\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel \ndid not perform TLB flushes under certain conditions. A local attacker \ncould use this to leak or alter data from other processes that use huge \npages. (CVE-2021-4002)\n\nIt was discovered that the eBPF implementation in the Linux kernel did \nnot properly validate the memory size of certain ring buffer operation \narguments. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2021-4204)\n\nIt was discovered that a race condition existed in the overlay file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash). (CVE-2021-20321)\n\nIt was discovered that the NFC subsystem in the Linux kernel contained a \nuse-after-free vulnerability in its NFC Controller Interface (NCI) \nimplementation. A local attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2021-3760)\n\nIt was discovered that an integer overflow could be triggered in the eBPF \nimplementation in the Linux kernel when preallocating objects for stack \nmaps. A privileged local attacker could use this to cause a denial of \nservice or possibly execute arbitrary code. (CVE-2021-41864)\n\nIt was discovered that the KVM implementation for POWER8 processors in the \nLinux kernel did not properly keep track if a wakeup event could be \nresolved by a guest. An attacker in a guest VM could possibly use this to \ncause a denial of service (host OS crash). (CVE-2021-43056)\n\nIt was discovered that the TIPC Protocol implementation in the Linux kernel \ndid not properly validate MSG_CRYPTO messages in some situations. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2021-43267)\n\nIt was discovered that the ISDN CAPI implementation in the Linux kernel \ncontained a race condition in certain situations that could trigger an \narray out-of-bounds bug. A privileged local attacker could possibly use \nthis to cause a denial of service or execute arbitrary code. \n(CVE-2021-43389)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-11T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-4204", "CVE-2021-43056", "CVE-2021-43267", "CVE-2021-43389"], "modified": "2022-01-11T00:00:00", "id": "USN-5218-1", "href": "https://ubuntu.com/security/notices/USN-5218-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-06-06T15:21:07", "description": "## Severity\n\nUnknown\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nUSN-5210-1 fixed vulnerabilities in the Linux kernel. Unfortunately, that update introduced a regression that caused failures to boot in environments with AMD Secure Encrypted Virtualization (SEV) enabled. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Nadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is unknown unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * There are no fixed versions of this product\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5210-2>)\n\n## History\n\n2022-01-20: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "cloudfoundry", "title": "USN-5210-2: Linux kernel regression | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-20T00:00:00", "id": "CFOUNDRY:53F8A02950D1071788BF2E23EFF823EF", "href": "https://www.cloudfoundry.org/blog/usn-5210-2-linux-kernel-regression/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-06T15:21:08", "description": "## Severity\n\nHigh\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nNadav Amit discovered that the hugetlb implementation in the Linux kernel did not perform TLB flushes under certain conditions. A local attacker could use this to leak or alter data from other processes that use huge pages. (CVE-2021-4002) It was discovered that the Linux kernel did not properly enforce certain types of entries in the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. An attacker could use this to bypass UEFI Secure Boot restrictions. (CVE-2020-26541) It was discovered that a race condition existed in the overlay file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2021-20321) It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface (NCI) implementation. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2021-3760) It was discovered that an integer overflow could be triggered in the eBPF implementation in the Linux kernel when preallocating objects for stack maps. A privileged local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2021-41864) It was discovered that the KVM implementation for POWER8 processors in the Linux kernel did not properly keep track if a wakeup event could be resolved by a guest. An attacker in a guest VM could possibly use this to cause a denial of service (host OS crash). (CVE-2021-43056) It was discovered that the ISDN CAPI implementation in the Linux kernel contained a race condition in certain situations that could trigger an array out-of-bounds bug. A privileged local attacker could possibly use this to cause a denial of service or execute arbitrary code. (CVE-2021-43389)\n\nCVEs contained in this USN include: CVE-2020-26541, CVE-2021-3760, CVE-2021-43056, CVE-2021-43389, CVE-2021-4002, CVE-2021-20321, CVE-2021-41864.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is high unless otherwise noted._\n\n * Bionic Stemcells \n * 1.x versions prior to 1.54\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * Bionic Stemcells \n * Upgrade 1.x versions to 1.54 or greater\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells>).\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5210-1>)\n * [CVE-2020-26541](<https://people.canonical.com/~ubuntu-security/cve/CVE-2020-26541>)\n * [CVE-2021-3760](<https://ubuntu.com/security/CVE-2021-3760>)\n * [CVE-2021-43056](<https://ubuntu.com/security/CVE-2021-43056>)\n * [CVE-2021-43389](<https://ubuntu.com/security/CVE-2021-43389>)\n * [CVE-2021-4002](<https://ubuntu.com/security/CVE-2021-4002>)\n * [CVE-2021-20321](<https://ubuntu.com/security/CVE-2021-20321>)\n * [CVE-2021-41864](<https://ubuntu.com/security/CVE-2021-41864>)\n\n## History\n\n2022-01-20: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-20T00:00:00", "type": "cloudfoundry", "title": "USN-5210-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-26541", "CVE-2021-20321", "CVE-2021-3760", "CVE-2021-4002", "CVE-2021-41864", "CVE-2021-43056", "CVE-2021-43389"], "modified": "2022-01-20T00:00:00", "id": "CFOUNDRY:C7BE92CF45CB8F4FCBCEA8F043427BCF", "href": "https://www.cloudfoundry.org/blog/usn-5210-1-linux-kernel-vulnerabilities/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2022-11-06T19:34:23", "description": "An update that solves 13 vulnerabilities and has 43 fixes\n is now available.\n\nDescription:\n\n The SUSE Linux Enterprise 15 SP3 Azure kernel was updated to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2021-3772: Fixed sctp vtag check in sctp_sf_ootb (bsc#1190351).\n - CVE-2021-3655: Fixed a missing size validations on inbound SCTP packets,\n which may have allowed the kernel to read uninitialized memory\n (bsc#1188563).\n - CVE-2021-43056: Fixed possible KVM host crash via malicious KVM guest on\n Power8 (bnc#1192107).\n - CVE-2021-3896: Fixed a array-index-out-bounds in detach_capi_ctr in\n drivers/isdn/capi/kcapi.c (bsc#1191958).\n - CVE-2021-3760: Fixed a use-after-free vulnerability with the\n ndev->rf_conn_info object (bsc#1190067).\n - CVE-2021-42739: The firewire subsystem had a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and\n drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandled\n bounds checking (bsc#1184673).\n - CVE-2021-3542: Fixed heap buffer overflow in firedtv driver\n (bsc#1186063).\n - CVE-2021-33033: Fixed a use-after-free in cipso_v4_genopt in\n net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the\n DOI definitions is mishandled (bsc#1186109).\n - CVE-2021-3715: Fixed a use-after-free in route4_change() in\n net/sched/cls_route.c (bsc#1190349).\n - CVE-2021-34866: Fixed eBPF Type Confusion Privilege Escalation\n Vulnerability (bsc#1191645).\n - CVE-2021-42252: Fixed an issue inside aspeed_lpc_ctrl_mmap that could\n have allowed local attackers to access the Aspeed LPC control interface\n to overwrite memory in the kernel and potentially execute privileges\n (bnc#1190479).\n - CVE-2021-41864: Fixed prealloc_elems_and_freelist that allowed\n unprivileged users to trigger an eBPF multiplication integer overflow\n with a resultant out-of-bounds write (bnc#1191317).\n - CVE-2021-42008: Fixed a slab out-of-bounds write in the decode_data\n function in drivers/net/hamradio/6pack.c. Input from a process that had\n the CAP_NET_ADMIN capability could have lead to root access\n (bsc#1191315).\n\n The following non-security bugs were fixed:\n\n - ACPI: NFIT: Use fallback node id when numa info in NFIT table is\n incorrect (git-fixes).\n - ACPI: bgrt: Fix CFI violation (git-fixes).\n - ACPI: fix NULL pointer dereference (git-fixes).\n - ACPI: fix NULL pointer dereference (git-fixes).\n - ALSA: hda - Enable headphone mic on Dell Latitude laptops with ALC3254\n (git-fixes).\n - ALSA: hda/realtek - ALC236 headset MIC recording issue (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo PC50HS (git-fixes).\n - ALSA: hda/realtek: Add quirk for Clevo X170KM-G (git-fixes).\n - ALSA: hda/realtek: Add quirk for TongFang PHxTxX1 (git-fixes).\n - ALSA: hda/realtek: Complete partial device name to avoid ambiguity\n (git-fixes).\n - ALSA: hda/realtek: Enable 4-speaker output for Dell Precision 5560\n laptop (git-fixes).\n - ALSA: hda/realtek: Fix for quirk to enable speaker output on the Lenovo\n 13s Gen2 (git-fixes).\n - ALSA: hda/realtek: Fix the mic type detection issue for ASUS G551JW\n (git-fixes).\n - ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i\n 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops (git-fixes).\n - ALSA: hda: avoid write to STATESTS if controller is in reset (git-fixes).\n - ALSA: hda: intel: Allow repeatedly probing on codec configuration errors\n (bsc#1190801).\n - ALSA: pcm: Workaround for a wrong offset in SYNC_PTR compat ioctl\n (git-fixes).\n - ALSA: seq: Fix a potential UAF by wrong private_free call order\n (git-fixes).\n - ALSA: usb-audio: Add quirk for VF0770 (git-fixes).\n - ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset (git-fixes).\n - ASoC: DAPM: Fix missing kctl change notifications (git-fixes).\n - ASoC: Intel: Skylake: Fix module configuration for KPB and MIXER\n (git-fixes).\n - ASoC: Intel: Skylake: Fix passing loadable flag for module (git-fixes).\n - ASoC: Intel: bytcr_rt5640: Move \"Platform Clock\" routes to the maps for\n the matching in-/output (git-fixes).\n - ASoC: Intel: sof_sdw: tag SoundWire BEs as non-atomic (git-fixes).\n - ASoC: SOF: imx: imx8: Bar index is only valid for IRAM and SRAM types\n (git-fixes).\n - ASoC: SOF: imx: imx8m: Bar index is only valid for IRAM and SRAM types\n (git-fixes).\n - ASoC: SOF: loader: release_firmware() on load failure to avoid batching\n (git-fixes).\n - ASoC: atmel: ATMEL drivers do not need HAS_DMA (git-fixes).\n - ASoC: dapm: use component prefix when checking widget names (git-fixes).\n - ASoC: fsl_spdif: register platform component before registering cpu dai\n (git-fixes).\n - ASoC: wm8960: Fix clock configuration on slave mode (git-fixes).\n - Add obsolete_rebuilds_subpackage (boo#1172073 bsc#1191731).\n - Configure mpi3mr as currently unsupported (jsc#SLE-18120)\n - HID: apple: Fix logical maximum and usage maximum of Magic Keyboard JIS\n (git-fixes).\n - HID: betop: fix slab-out-of-bounds Write in betop_probe (git-fixes).\n - HID: u2fzero: ignore incomplete packets without data (git-fixes).\n - HID: usbhid: free raw_report buffers in usbhid_stop (git-fixes).\n - HID: wacom: Add new Intuos BT (CTL-4100WL/CTL-6100WL) device IDs\n (git-fixes).\n - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).\n - ICMPv6: Add ICMPv6 Parameter Problem, code 3 definition (bsc#1191241).\n - IPv6: reply ICMP error if the first fragment do not include all headers\n (bsc#1191241).\n - IPv6: reply ICMP error if the first fragment do not include all headers\n (bsc#1191241).\n - Input: snvs_pwrkey - add clk handling (git-fixes).\n - Input: xpad - add support for another USB ID of Nacon GC-100 (git-fixes).\n - KVM: PPC: Book3S HV Nested: Reflect guest PMU in-use to L0 when guest\n SPRs are live (bsc#1156395).\n - KVM: PPC: Book3S HV Nested: Sanitise H_ENTER_NESTED TM state\n (bsc#1156395).\n - KVM: PPC: Book3S HV: Fix copy_tofrom_guest routines (jsc#SLE-12936\n git-fixes).\n - KVM: PPC: Book3S HV: Save host FSCR in the P7/8 path (bsc#1065729).\n - KVM: PPC: Book3S HV: Tolerate treclaim. in fake-suspend mode changing\n registers (bsc#1156395).\n - KVM: PPC: Fix clearing never mapped TCEs in realmode (bsc#1156395).\n - KVM: PPC: Fix kvm_arch_vcpu_ioctl vcpu_load leak (bsc#1156395).\n - NFC: digital:

CVE-2021-43056

Description

Affected Software

Related