DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2022-0322", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-0322", "description": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", "published": "2022-03-25T19:15:00", "modified": "2023-02-02T17:17:00", "epss": [{"cve": "CVE-2022-0322", "epss": 0.00043, "percentile": 0.07812, "modified": "2023-06-19"}], "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0322", "reporter": "secalert@redhat.com", "references": ["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", "https://www.oracle.com/security-alerts/cpujul2022.html"], "cvelist": ["CVE-2022-0322"], "immutableFields": [], "lastseen": "2023-06-19T14:29:18", "viewCount": 225, "enchantments": {"backreferences": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-5096-1:B47F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-0322"]}, {"type": "nessus", "idList": ["OPENSUSE-2022-0169-1.NASL", "OPENSUSE-2022-0198-1.NASL", "OPENSUSE-2022-0366-1.NASL", "SUSE_SU-2022-0169-1.NASL", "SUSE_SU-2022-0197-1.NASL", "SUSE_SU-2022-0198-1.NASL", "SUSE_SU-2022-0364-1.NASL", "SUSE_SU-2022-0366-1.NASL", "SUSE_SU-2022-0367-1.NASL"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-0322"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0169-1", "OPENSUSE-SU-2022:0198-1", "OPENSUSE-SU-2022:0366-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-0322"]}]}, "score": {"value": 3.5, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:1988"]}, {"type": "cnvd", "idList": ["CNVD-2022-68576"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2941-1:96084", "DEBIAN:DSA-5096-1:B47F5"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-0322"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-1988.NASL", "DEBIAN_DSA-5096.NASL", "EULEROS_SA-2022-1429.NASL", "EULEROS_SA-2022-1450.NASL", "EULEROS_SA-2022-1489.NASL", "EULEROS_SA-2022-1508.NASL", "EULEROS_SA-2022-1607.NASL", "EULEROS_SA-2022-1630.NASL", "EULEROS_SA-2022-2026.NASL", "EULEROS_SA-2022-2054.NASL", "EULEROS_SA-2023-1695.NASL", "OPENSUSE-2022-0169-1.NASL", "OPENSUSE-2022-0198-1.NASL", "OPENSUSE-2022-0366-1.NASL", "ORACLELINUX_ELSA-2022-1988.NASL", "REDHAT-RHSA-2022-1975.NASL", "REDHAT-RHSA-2022-1988.NASL", "SUSE_SU-2022-0169-1.NASL", "SUSE_SU-2022-0197-1.NASL", "SUSE_SU-2022-0198-1.NASL", "SUSE_SU-2022-0288-1.NASL", "SUSE_SU-2022-0289-1.NASL", "SUSE_SU-2022-0364-1.NASL", "SUSE_SU-2022-0366-1.NASL", "SUSE_SU-2022-0367-1.NASL", "SUSE_SU-2022-0371-1.NASL", "SUSE_SU-2022-0372-1.NASL", "SUSE_SU-2022-0555-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-1988"]}, {"type": "osv", "idList": ["OSV:DLA-2941-1", "OSV:DSA-5096-1"]}, {"type": "photon", "idList": ["PHSA-2021-3.0-0325"]}, {"type": "redhat", "idList": ["RHSA-2022:1975", "RHSA-2022:1988", "RHSA-2022:4814", "RHSA-2022:4956", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3894", "RH:CVE-2022-0322"]}, {"type": "rocky", "idList": ["RLSA-2022:1975", "RLSA-2022:1988"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0169-1", "OPENSUSE-SU-2022:0198-1", "OPENSUSE-SU-2022:0366-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3894", "UB:CVE-2022-0322"]}, {"type": "veracode", "idList": ["VERACODE:34091"]}]}, "twitter": {"counter": 2, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1539642689700110336", "text": " NEW: CVE-2022-0322 A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an atte... (click for more) Severity: MEDIUM https://t.co/acqDQPKel6", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}]}, "affected_software": {"major_version": [{"name": "linux linux kernel", "version": 5}, {"name": "fedoraproject fedora", "version": 35}, {"name": "oracle communications cloud native core binding support function", "version": 22}, {"name": "oracle communications cloud native core policy", "version": 22}, {"name": "oracle communications cloud native core network exposure function", "version": 22}]}, "epss": [{"cve": "CVE-2022-0322", "epss": 0.00043, "percentile": 0.07823, "modified": "2023-05-02"}], "vulnersScore": 3.5}, "_state": {"dependencies": 1687190819, "score": 1687185962, "twitter": 0, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "6de99f85fab2baaa3e31baca64810ea9"}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/o:linux:linux_kernel:5.15", "cpe:/a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1", "cpe:/a:oracle:communications_cloud_native_core_binding_support_function:22.1.3", "cpe:/o:fedoraproject:fedora:35", "cpe:/a:oracle:communications_cloud_native_core_policy:22.2.0"], "cpe23": ["cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*"], "cwe": ["CWE-704"], "affectedSoftware": [{"cpeName": "linux:linux_kernel", "version": "5.15", "operator": "eq", "name": "linux linux kernel"}, {"cpeName": "fedoraproject:fedora", "version": "35", "operator": "eq", "name": "fedoraproject fedora"}, {"cpeName": "oracle:communications_cloud_native_core_binding_support_function", "version": "22.1.3", "operator": "eq", "name": "oracle communications cloud native core binding support function"}, {"cpeName": "oracle:communications_cloud_native_core_policy", "version": "22.2.0", "operator": "eq", "name": "oracle communications cloud native core policy"}, {"cpeName": "oracle:communications_cloud_native_core_network_exposure_function", "version": "22.1.1", "operator": "eq", "name": "oracle communications cloud native core network exposure function"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:rc2:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:rc3:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:rc5:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:-:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:rc1:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:rc4:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:5.15:*:*:*:*:*:*:*", "versionEndExcluding": "5.15", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.2.0:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.1:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a2d859e3fc97e79d907761550dbc03ff1b36479c", "refsource": "MISC", "tags": ["Patch", "Vendor Advisory"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=2042822", "refsource": "MISC", "tags": ["Issue Tracking", "Third Party Advisory"]}, {"url": "https://www.oracle.com/security-alerts/cpujul2022.html", "name": "N/A", "refsource": "N/A", "tags": ["Patch", "Third Party Advisory"]}], "product_info": [{"vendor": "Linux", "product": "Linux_kernel"}, {"vendor": "Fedoraproject", "product": "Fedora"}, {"vendor": "Oracle", "product": "Communications_cloud_native_core_binding_support_function"}, {"vendor": "Oracle", "product": "Communications_cloud_native_core_policy"}, {"vendor": "Oracle", "product": "Communications_cloud_native_core_network_exposure_function"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"cweId": "CWE-681", "description": "CWE-681", "lang": "en", "type": "CWE"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"ubuntucve": [{"lastseen": "2023-09-13T14:20:05", "description": "A flaw was found in the sctp_make_strreset_req function in\nnet/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel\nwith a local user privilege access. In this flaw, an attempt to use more\nbuffer than is allocated triggers a BUG_ON issue, leading to a denial of\nservice (DOS).\n\n#### Bugs\n\n * <https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1954832>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-25T00:00:00", "type": "ubuntucve", "title": "CVE-2022-0322", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0322"], "modified": "2022-03-25T00:00:00", "id": "UB:CVE-2022-0322", "href": "https://ubuntu.com/security/CVE-2022-0322", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-08-04T13:13:36", "description": "[sctp: local DoS: unprivileged user can cause BUG()]\n\n#### Bugs\n\n * <https://bugzilla.redhat.com/show_bug.cgi?id=2014970>\n\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | possibly fixed by a2d859e3fc97e79d907761550dbc03ff1b36479c upstream per Red Hat, this is a duplicate of CVE-2022-0322\n", "cvss3": {}, "published": "2021-12-31T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3894", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-3894", "CVE-2022-0322"], "modified": "2021-12-31T00:00:00", "id": "UB:CVE-2021-3894", "href": "https://ubuntu.com/security/CVE-2021-3894", "cvss": {"score": 0.0, "vector": "NONE"}}], "broadcom": [{"lastseen": "2023-09-25T22:08:23", "description": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", "cvss3": {}, "published": "2023-08-01T00:00:00", "type": "broadcom", "title": "A flaw was found in the sctp_make_strreset_req function in net sctp sm_make_chunk.c", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-0322"], "modified": "2023-09-25T20:09:14", "id": "BSNSA22356", "href": "https://support.broadcom.com/external/content/SecurityAdvisories/0/22356", "cvss": {"score": "5.5", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}], "redhatcve": [{"lastseen": "2023-06-19T15:15:49", "description": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).\n#### Mitigation\n\nMitigation for this issue is to skip loading the affected module SCTP onto the system. Until we have a fix available, this can be done by a blacklist mechanism and will ensure the driver is not loaded at the boot time. \n\n \n \n How do I blacklist a kernel module to prevent it from loading automatically? \n https://access.redhat.com/solutions/41278 \n \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-20T18:11:48", "type": "redhatcve", "title": "CVE-2022-0322", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0322"], "modified": "2023-04-06T09:38:35", "id": "RH:CVE-2022-0322", "href": "https://access.redhat.com/security/cve/cve-2022-0322", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-06-19T15:13:44", "description": "A vulnerability was found in the Linux kernel. This flaw allows an unprivileged local user to panic the system, resulting in a denial of service by calling setsockopt(2) with specially crafted arguments. The highest threat from this vulnerability is to system availability.\n#### Mitigation\n\nAs the SCTP module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions: \n\n\n# echo &quot;install sctp /bin/true&quot; &gt;&gt; /etc/modprobe.d/disable-sctp.conf \n\n\nThe system will need to be restarted if the SCTP modules are loaded. In most circumstances, the CIFS kernel modules will be unable to be unloaded while any network interfaces are active and the protocol is in use. \n\n\nIf the system requires this module to work correctly, this mitigation may not be suitable. \n\n\nIf you need further assistance, see the KCS article <https://access.redhat.com/solutions/41278> or contact Red Hat Global Support Services. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-03T06:15:14", "type": "redhatcve", "title": "CVE-2021-3894", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3894", "CVE-2022-0322"], "modified": "2023-04-06T09:05:31", "id": "RH:CVE-2021-3894", "href": "https://access.redhat.com/security/cve/cve-2021-3894", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-08-15T15:14:20", "description": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-25T19:15:00", "type": "prion", "title": "CVE-2022-0322", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0322"], "modified": "2023-02-02T17:17:00", "id": "PRION:CVE-2022-0322", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-0322", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-19T15:22:42", "description": "A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-25T19:15:00", "type": "debiancve", "title": "CVE-2022-0322", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0322"], "modified": "2022-03-25T19:15:00", "id": "DEBIANCVE:CVE-2022-0322", "href": "https://security-tracker.debian.org/tracker/CVE-2022-0322", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "cnvd": [{"lastseen": "2022-10-13T11:27:12", "description": "Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. Linux kernel is vulnerable to a denial-of-service vulnerability caused by a flaw in the sctp_make_strreset_req function in net/sctp/sm_make_chunk. A locally authenticated attacker can exploit this flaw to cause a denial of service condition.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-27T00:00:00", "type": "cnvd", "title": "Linux kernel denial-of-service vulnerability (CNVD-2022-68576)", "bulletinFamily": "cnvd", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0322"], "modified": "2022-10-13T00:00:00", "id": "CNVD-2022-68576", "href": "https://www.cnvd.org.cn/flaw/show/CNVD-2022-68576", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "veracode": [{"lastseen": "2023-04-18T06:33:05", "description": "linux is vulnerable to denial of service.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-08T18:17:14", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0322"], "modified": "2023-02-02T19:32:33", "id": "VERACODE:34091", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34091/summary", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-07-14T14:51:49", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0288-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. (CVE-2021-46283)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0288-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-44733", "CVE-2021-46283", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0288-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157340", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0288-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157340);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-44733\",\n \"CVE-2021-46283\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0288-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0288-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0288-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to\n cause a denial of service (NULL pointer dereference and general protection fault) because of the missing\n initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own\n namespace. (CVE-2021-46283)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem\n Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in\n case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local\n user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to\n legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195062\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010175.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aec816cf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'dlm-kmp-rt-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'gfs2-kmp-rt-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-devel-rt-5.3.18-150300.71.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-rt-devel-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-rt_debug-devel-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-source-rt-5.3.18-150300.71.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'kernel-syms-rt-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']},\n {'reference':'ocfs2-kmp-rt-5.3.18-150300.71.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-13T14:34:33", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0289-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-03T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0289-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-07-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0289-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157342", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0289-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157342);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/12\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0289-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0289-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0289-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem\n Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in\n case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local\n user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to\n legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2022-February/021587.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'dlm-kmp-rt-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'gfs2-kmp-rt-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-devel-rt-5.3.18-68.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt-devel-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt_debug-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-rt_debug-devel-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-source-rt-5.3.18-68.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'kernel-syms-rt-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']},\n {'reference':'ocfs2-kmp-rt-5.3.18-68.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-rt-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T14:37:38", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0198-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. (CVE-2021-46283)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-27T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:0198-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-45485", "CVE-2021-45486", "CVE-2021-46283", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-64kb", "p-cpe:/a:novell:suse_linux:kernel-64kb-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_43-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-extra", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0198-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157146", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0198-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157146);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2021-46283\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0198-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2022:0198-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0198-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to\n cause a denial of service (NULL pointer dereference and general protection fault) because of the missing\n initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own\n namespace. (CVE-2021-46283)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem\n Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in\n case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local\n user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to\n legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010079.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3b70c378\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150300_59_43-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-default-devel-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-devel-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-macros-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-preempt-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'s390x', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-obs-build-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-source-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'kernel-syms-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-development-tools-release-15.3']},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-legacy-release-15.3']},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.43.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-livepatch-5_3_18-150300_59_43-default-1-150300.7.3.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-default-extra-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.43.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:48:16", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0169-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. (CVE-2021-46283)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0169-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-45485", "CVE-2021-45486", "CVE-2021-46283", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0169-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157087", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0169-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157087);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2021-46283\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0169-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0169-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0169-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to\n cause a denial of service (NULL pointer dereference and general protection fault) because of the missing\n initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own\n namespace. (CVE-2021-46283)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem\n Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in\n case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local\n user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to\n legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010060.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8bea4669\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.37.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.37.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.37.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.37.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-public-cloud-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-devel / kernel-devel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:33:16", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0198-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. (CVE-2021-46283)\n\n - kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-27T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0198-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-45485", "CVE-2021-45486", "CVE-2021-46283", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-01-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-extra", "p-cpe:/a:novell:opensuse:kernel-default-livepatch", "p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-default-optional", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-extra", "p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-optional", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:cluster-md-kmp-default", "p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt", "p-cpe:/a:novell:opensuse:dlm-kmp-64kb", "p-cpe:/a:novell:opensuse:dlm-kmp-default", "p-cpe:/a:novell:opensuse:dlm-kmp-preempt", "p-cpe:/a:novell:opensuse:dtb-al", "p-cpe:/a:novell:opensuse:dtb-allwinner", "p-cpe:/a:novell:opensuse:dtb-altera", "p-cpe:/a:novell:opensuse:dtb-amd", "p-cpe:/a:novell:opensuse:dtb-amlogic", "p-cpe:/a:novell:opensuse:dtb-apm", "p-cpe:/a:novell:opensuse:dtb-arm", "p-cpe:/a:novell:opensuse:dtb-broadcom", "p-cpe:/a:novell:opensuse:dtb-cavium", "p-cpe:/a:novell:opensuse:dtb-exynos", "p-cpe:/a:novell:opensuse:dtb-freescale", "p-cpe:/a:novell:opensuse:dtb-hisilicon", "p-cpe:/a:novell:opensuse:dtb-lg", "p-cpe:/a:novell:opensuse:dtb-marvell", "p-cpe:/a:novell:opensuse:dtb-mediatek", "p-cpe:/a:novell:opensuse:dtb-nvidia", "p-cpe:/a:novell:opensuse:dtb-qcom", "p-cpe:/a:novell:opensuse:dtb-renesas", "p-cpe:/a:novell:opensuse:dtb-rockchip", "p-cpe:/a:novell:opensuse:dtb-socionext", "p-cpe:/a:novell:opensuse:dtb-sprd", "p-cpe:/a:novell:opensuse:dtb-xilinx", "p-cpe:/a:novell:opensuse:dtb-zte", "p-cpe:/a:novell:opensuse:gfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:gfs2-kmp-default", "p-cpe:/a:novell:opensuse:gfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:kernel-64kb", "p-cpe:/a:novell:opensuse:kernel-64kb-devel", "p-cpe:/a:novell:opensuse:kernel-64kb-extra", "p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-64kb-optional", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-zfcpdump", "p-cpe:/a:novell:opensuse:kselftests-kmp-64kb", "p-cpe:/a:novell:opensuse:kselftests-kmp-default", "p-cpe:/a:novell:opensuse:kselftests-kmp-preempt", "p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb", "p-cpe:/a:novell:opensuse:ocfs2-kmp-default", "p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt", "p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb", "p-cpe:/a:novell:opensuse:reiserfs-kmp-default", "p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0198-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157147", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0198-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157147);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/16\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2021-46283\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0198-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0198-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to\n cause a denial of service (NULL pointer dereference and general protection fault) because of the missing\n initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own\n namespace. (CVE-2021-46283)\n\n - kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JVCSEXTJ2SI3QLMCUUQNNUT3HNZQJIML/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8b766fc2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-al\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-allwinner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-altera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-amd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-amlogic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-apm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-broadcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-cavium\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-exynos\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-freescale\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-hisilicon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-lg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-mediatek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-nvidia\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-qcom\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-renesas\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-rockchip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-socionext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-sprd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-xilinx\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dtb-zte\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-64kb-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-64kb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cluster-md-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-al-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-allwinner-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-altera-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-amd-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-amlogic-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-apm-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-arm-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-broadcom-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-cavium-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-exynos-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-freescale-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-hisilicon-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-lg-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-marvell-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-mediatek-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-nvidia-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-qcom-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-renesas-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-rockchip-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-socionext-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-sprd-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-xilinx-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dtb-zte-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-devel-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-extra-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-livepatch-devel-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-64kb-optional-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-livepatch-devel-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-5.3.18-150300.59.43.1.150300.18.27.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-base-rebuild-5.3.18-150300.59.43.1.150300.18.27.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-devel-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-extra-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-livepatch-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-optional-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-devel-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-macros-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-build-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-obs-qa-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-devel-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-extra-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-livepatch-devel-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-preempt-optional-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-vanilla-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.3.18-150300.59.43.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-64kb-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-default-5.3.18-150300.59.43.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'aarch64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-preempt-5.3.18-150300.59.43.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-64kb / cluster-md-kmp-default / cluster-md-kmp-preempt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-04T14:32:59", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0169-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own namespace. (CVE-2021-46283)\n\n - kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0169-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-45485", "CVE-2021-45486", "CVE-2021-46283", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-01-16T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cluster-md-kmp-azure", "p-cpe:/a:novell:opensuse:dlm-kmp-azure", "p-cpe:/a:novell:opensuse:gfs2-kmp-azure", "p-cpe:/a:novell:opensuse:kernel-azure", "p-cpe:/a:novell:opensuse:kernel-azure-devel", "p-cpe:/a:novell:opensuse:kernel-azure-extra", "p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-azure-optional", "p-cpe:/a:novell:opensuse:kernel-devel-azure", "p-cpe:/a:novell:opensuse:kernel-source-azure", "p-cpe:/a:novell:opensuse:kernel-syms-azure", "p-cpe:/a:novell:opensuse:kselftests-kmp-azure", "p-cpe:/a:novell:opensuse:ocfs2-kmp-azure", "p-cpe:/a:novell:opensuse:reiserfs-kmp-azure", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0169-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157104", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0169-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157104);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/16\");\n\n script_cve_id(\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2021-46283\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0169-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0169-1 advisory.\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to\n cause a denial of service (NULL pointer dereference and general protection fault) because of the missing\n initialization for nft_set_elem_expr_alloc. A local user can set a netfilter table expression in their own\n namespace. (CVE-2021-46283)\n\n - kernel: fs_context: heap overflow in legacy parameter handling (CVE-2022-0185)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176774\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193328\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194580\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194587\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194953\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/S44U3IKMS3KZS626YQ5ZYDHA2HLKQNER/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27dcb678\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-46283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cluster-md-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:dlm-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-azure-optional\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kselftests-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ocfs2-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:reiserfs-kmp-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'dlm-kmp-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'gfs2-kmp-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-extra-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-azure-optional-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-source-azure-5.3.18-150300.38.37.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kselftests-kmp-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ocfs2-kmp-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'reiserfs-kmp-azure-5.3.18-150300.38.37.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:18:39", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1489)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45469", "CVE-2022-0322"], "modified": "2022-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1489.NASL", "href": "https://www.tenable.com/plugins/nessus/159949", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159949);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/20\");\n\n script_cve_id(\n \"CVE-2021-4155\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45469\",\n \"CVE-2022-0322\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1489)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds\n memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1489\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?aeaceb59\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4197\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2111.1.0.h990.eulerosv2r10\",\n \"kernel-abi-stablelists-4.19.90-vhulk2111.1.0.h990.eulerosv2r10\",\n \"kernel-tools-4.19.90-vhulk2111.1.0.h990.eulerosv2r10\",\n \"kernel-tools-libs-4.19.90-vhulk2111.1.0.h990.eulerosv2r10\",\n \"python3-perf-4.19.90-vhulk2111.1.0.h990.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:18:39", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1508)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29569", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-33098", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2022-0322"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1508.NASL", "href": "https://www.tenable.com/plugins/nessus/159983", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159983);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\n \"CVE-2020-29569\",\n \"CVE-2021-4155\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-33098\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2022-0322\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1508)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1508\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?701b3b9c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4197\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.2.5.h805.eulerosv2r10\",\n \"kernel-abi-stablelists-4.18.0-147.5.2.5.h805.eulerosv2r10\",\n \"kernel-tools-4.18.0-147.5.2.5.h805.eulerosv2r10\",\n \"kernel-tools-libs-4.18.0-147.5.2.5.h805.eulerosv2r10\",\n \"python3-perf-4.18.0-147.5.2.5.h805.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T15:43:38", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0372-1 advisory.\n\n - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0372-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28097", "CVE-2021-3564", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-44733", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-22942"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0372-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157929", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0372-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157929);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-28097\",\n \"CVE-2021-3564\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-44733\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0372-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0372-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0372-1 advisory.\n\n - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a\n vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1163405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://lists.suse.com/pipermail/sle-updates/2022-February/021678.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22942\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.88.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.88.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-azure-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.88.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.88.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.88.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T15:35:04", "description": "The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0364-1 advisory.\n\n - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:0364-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28097", "CVE-2021-3564", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-44733", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-22942"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-extra", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0364-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157899", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0364-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157899);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-28097\",\n \"CVE-2021-3564\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-44733\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0364-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:0364-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 / SLES_SAP12 host has packages installed that are affected by multiple\nvulnerabilities as referenced in the SUSE-SU-2022:0364-1 advisory.\n\n - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a\n vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1163405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22942\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010215.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?397f8c83\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.110.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.110.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.110.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.110.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.110.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.110.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.110.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.110.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.110.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.110.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_110-default-1-8.3.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.110.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.110.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-we-release-12.5']},\n {'reference':'kernel-default-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.110.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.110.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T15:33:59", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0555-1 advisory.\n\n - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-24T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : the Linux RT Kernel (SUSE-SU-2022:0555-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28097", "CVE-2021-3564", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-44733", "CVE-2021-45095", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-22942", "CVE-2022-24448"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0555-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158337", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0555-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158337);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-28097\",\n \"CVE-2021-3564\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0555-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : the Linux RT Kernel (SUSE-SU-2022:0555-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0555-1 advisory.\n\n - The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a\n vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85. (CVE-2020-28097)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1082555\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1163405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193234\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193235\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194410\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194493\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194965\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-22942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-24448\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010290.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ba627bdb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.78.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.78.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.78.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:22:18", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1429)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22600", "CVE-2021-26932", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-32078", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4157", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1429.NASL", "href": "https://www.tenable.com/plugins/nessus/159815", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159815);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-4155\",\n \"CVE-2021-4157\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22600\",\n \"CVE-2021-26932\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-32078\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel\n through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to\n element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1429\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1420e1b9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:24:49", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2022-1607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22600", "CVE-2021-26932", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-32078", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4157", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-1607.NASL", "href": "https://www.tenable.com/plugins/nessus/160617", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160617);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2021-4155\",\n \"CVE-2021-4157\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22600\",\n \"CVE-2021-26932\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-32078\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2022-1607)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel\n through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to\n element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1607\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eebfd9a3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T15:55:31", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver). (CVE-2020-27820)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1450)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27820", "CVE-2021-22543", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-29265", "CVE-2021-32078", "CVE-2021-33098", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-22942"], "modified": "2023-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1450.NASL", "href": "https://www.tenable.com/plugins/nessus/159811", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159811);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2020-27820\",\n \"CVE-2021-4155\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22543\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-29265\",\n \"CVE-2021-32078\",\n \"CVE-2021-33098\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0487\",\n \"CVE-2022-22942\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1450)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if 'unbind' the driver). (CVE-2020-27820)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass\n RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users\n with the ability to start and control a VM to read/write random pages of memory and can result in local\n privilege escalation. (CVE-2021-22543)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up\n sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel\n through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to\n element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1450\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f9b6734e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h686.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h686.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h686.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h686.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T16:00:39", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver). (CVE-2020-27820)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. (CVE-2021-22543)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2022-1630)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27820", "CVE-2021-22543", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-29265", "CVE-2021-32078", "CVE-2021-33098", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-22942"], "modified": "2023-02-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-1630.NASL", "href": "https://www.tenable.com/plugins/nessus/160581", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160581);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/01\");\n\n script_cve_id(\n \"CVE-2020-27820\",\n \"CVE-2021-4155\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22543\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-29265\",\n \"CVE-2021-32078\",\n \"CVE-2021-33098\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0487\",\n \"CVE-2022-22942\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : kernel (EulerOS-SA-2022-1630)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if 'unbind' the driver). (CVE-2020-27820)\n\n - An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass\n RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users\n with the ability to start and control a VM to read/write random pages of memory and can result in local\n privilege escalation. (CVE-2021-22543)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up\n sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel\n through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to\n element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1630\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1523867c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.1.6.h686.eulerosv2r9\",\n \"kernel-tools-4.18.0-147.5.1.6.h686.eulerosv2r9\",\n \"kernel-tools-libs-4.18.0-147.5.1.6.h686.eulerosv2r9\",\n \"python3-perf-4.18.0-147.5.1.6.h686.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:45:26", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0197-1 advisory.\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat. (CVE-2020-27825)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel versions prior to 5.16 rc2. (CVE-2021-4001)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-27T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0197-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27820", "CVE-2020-27825", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-33098", "CVE-2021-4001", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0185", "CVE-2022-0322"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0197-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157144", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0197-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157144);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2020-27820\",\n \"CVE-2020-27825\",\n \"CVE-2021-4001\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-33098\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0185\",\n \"CVE-2022-0322\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0197-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0197-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0197-1 advisory.\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux kernel (before 5.10-rc1). There was\n a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a\n denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege\n to a kernel information leak threat. (CVE-2020-27825)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A race condition was found in the Linux kernel's ebpf verifier between bpf_map_update_elem and\n bpf_map_freeze due to a missing lock in kernel/bpf/syscall.c. In this flaw, a local user with a special\n privilege (cap_sys_admin or cap_bpf) can modify the frozen mapped address space. This flaw affects kernel\n versions prior to 5.16 rc2. (CVE-2021-4001)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem\n Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in\n case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local\n user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to\n legacy handling) could use this flaw to escalate their privileges on the system. (CVE-2022-0185)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1151927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1153275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1154355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1161907\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1164565\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1166780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179211\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179424\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183540\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184209\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185902\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187541\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192511\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193042\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193255\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193318\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0185\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010080.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fcf10ff9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0185\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.99.1.9.46.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.99.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.99.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.99.1', 'sp':'2', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.99.1.9.46.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-24.99.1.9.46.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.99.1.9.46.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.99.1.9.46.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-devel-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-macros-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-source-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.99.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.99.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'cluster-md-kmp-default-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-24_99-default-1-5.3.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']},\n {'reference':'kernel-default-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-24.99.1.9.46.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-24.99.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:53:56", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0371-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0371-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25020", "CVE-2019-15126", "CVE-2019-9500", "CVE-2019-9501", "CVE-2019-9502", "CVE-2019-9503", "CVE-2020-27820", "CVE-2021-0920", "CVE-2021-0935", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-33098", "CVE-2021-3564", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0371-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157939", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0371-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157939);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2019-15126\",\n \"CVE-2020-27820\",\n \"CVE-2021-0920\",\n \"CVE-2021-0935\",\n \"CVE-2021-3564\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-33098\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0371-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:0371-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0371-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can\n cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi\n encryption with a consequent possibility of information disclosure over the air for a discrete set of\n traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could\n lead to local escalation of privilege with System execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0435\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010217.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52834168\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3/4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-95.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.88.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.88.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.88.1', 'sp':'4', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.88.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.88.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.88.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.88.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.88.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.88.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_88-default-1-6.5.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.88.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.88.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:33", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if 'unbind' the driver). (CVE-2020-27820)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\n - kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2026)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27820", "CVE-2020-29569", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-33098", "CVE-2021-3772", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-39698", "CVE-2021-4155", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2022-0322", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1011", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-25375", "CVE-2022-26490", "CVE-2022-26966", "CVE-2022-27223", "CVE-2022-27666"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2026.NASL", "href": "https://www.tenable.com/plugins/nessus/163224", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163224);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2020-27820\",\n \"CVE-2020-29569\",\n \"CVE-2021-3772\",\n \"CVE-2021-4155\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-33098\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-39698\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2022-0322\",\n \"CVE-2022-0435\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0847\",\n \"CVE-2022-1011\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\",\n \"CVE-2022-25375\",\n \"CVE-2022-26490\",\n \"CVE-2022-26966\",\n \"CVE-2022-27223\",\n \"CVE-2022-27666\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2022-2026)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if 'unbind' the driver). (CVE-2020-27820)\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The\n RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive\n information from kernel memory. (CVE-2022-25375)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has\n EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not\n validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and\n net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap\n objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\n - kernel: xfs: raw block device data leak in XFS_IOC_ALLOCSP IOCTL (CVE-2021-4155)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - kernel: failing usercopy allows for use-after-free exploitation (CVE-2022-22942)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2026\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?667fb949\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-27223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.2.5.h873.eulerosv2r10\",\n \"kernel-abi-stablelists-4.18.0-147.5.2.5.h873.eulerosv2r10\",\n \"kernel-tools-4.18.0-147.5.2.5.h873.eulerosv2r10\",\n \"kernel-tools-libs-4.18.0-147.5.2.5.h873.eulerosv2r10\",\n \"python3-perf-4.18.0-147.5.2.5.h873.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:34", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2021-0938)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (CVE-2021-39698)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too. (CVE-2022-1011)\n\n - The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.\n (CVE-2022-22942)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2022-2054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29569", "CVE-2021-0938", "CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-33098", "CVE-2021-3772", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-39698", "CVE-2021-4155", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2022-0322", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847", "CVE-2022-1011", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-25375", "CVE-2022-26490", "CVE-2022-26966", "CVE-2022-27223", "CVE-2022-27666"], "modified": "2023-01-13T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2054.NASL", "href": "https://www.tenable.com/plugins/nessus/163156", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163156);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\n \"CVE-2020-29569\",\n \"CVE-2021-0938\",\n \"CVE-2021-3772\",\n \"CVE-2021-4155\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22600\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-33098\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-39698\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2022-0322\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0847\",\n \"CVE-2022-1011\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\",\n \"CVE-2022-25375\",\n \"CVE-2022-26490\",\n \"CVE-2022-26966\",\n \"CVE-2022-27223\",\n \"CVE-2022-27666\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/16\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : kernel (EulerOS-SA-2022-2054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux\n kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped.\n However, the handler may not have time to run if the frontend quickly toggles between the states connect\n and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving\n guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege\n escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.\n (CVE-2020-29569)\n\n - In memzero_explicit of compiler-clang.h, there is a possible bypass of defense in depth due to\n uninitialized data. This could lead to local information disclosure with no additional execution\n privileges needed. User interaction is not needed for exploitation. (CVE-2021-0938)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation. (CVE-2021-39698)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size\n increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS\n filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert\n eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit\n mitigations in place for the kernel. (CVE-2021-4159)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper\n initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus\n contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache\n backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)\n\n - A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A\n local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and\n as result potentially privilege escalation too. (CVE-2022-1011)\n\n - The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.\n (CVE-2022-22942)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The\n RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive\n information from kernel memory. (CVE-2022-25375)\n\n - st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has\n EVT_TRANSACTION buffer overflows because of untrusted length parameters. (CVE-2022-26490)\n\n - An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to\n obtain sensitive information from heap memory via crafted frame lengths from a device. (CVE-2022-26966)\n\n - In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not\n validated and might be manipulated by the host for out-of-array access. (CVE-2022-27223)\n\n - A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c and\n net/ipv6/esp6.c. This flaw allows a local attacker with a normal user privilege to overwrite kernel heap\n objects and may cause a local privilege escalation threat. (CVE-2022-27666)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?203f9602\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0847\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-27223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2202.2.0.h1064.eulerosv2r10\",\n \"kernel-tools-4.19.90-vhulk2202.2.0.h1064.eulerosv2r10\",\n \"kernel-tools-libs-4.19.90-vhulk2202.2.0.h1064.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:50:50", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0366-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0366-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25020", "CVE-2019-15126", "CVE-2019-9500", "CVE-2019-9501", "CVE-2019-9502", "CVE-2019-9503", "CVE-2020-27820", "CVE-2021-0920", "CVE-2021-0935", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-33098", "CVE-2021-3564", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default", "p-cpe:/a:novell:suse_linux:kernel-macros"], "id": "SUSE_SU-2022-0366-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157894", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0366-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157894);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2019-15126\",\n \"CVE-2020-27820\",\n \"CVE-2021-0920\",\n \"CVE-2021-0935\",\n \"CVE-2021-3564\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-33098\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0366-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0366-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0366-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can\n cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi\n encryption with a consequent possibility of information disclosure over the air for a discrete set of\n traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could\n lead to local escalation of privilege with System execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A memory leak vulnerability was found in the Linux kernel's eBPF for the Simulated networking device\n driver in the way user uses BPF for the device such that function nsim_map_alloc_elem being called. A\n local user could use this flaw to get unauthorized access to some data. (CVE-2021-4135)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010214.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2d04b7d2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4197\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-devel-4.12.14-197.105.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-macros-4.12.14-197.105.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-source-4.12.14-197.105.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-syms-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'kernel-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-devel-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-macros-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-source-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-syms-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'kernel-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-devel-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-macros-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-source-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-197.105.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-syms-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'cluster-md-kmp-default-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'dlm-kmp-default-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'gfs2-kmp-default-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'ocfs2-kmp-default-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'kernel-default-livepatch-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-livepatch-devel-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-livepatch-4_12_14-197_105-default-1-3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-man-4.12.14-197.105.1', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-197.105.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-197.105.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:52:20", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0367-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have access to the TIPC network. (CVE-2022-0435)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0367-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25020", "CVE-2019-15126", "CVE-2019-9500", "CVE-2019-9501", "CVE-2019-9502", "CVE-2019-9503", "CVE-2020-27820", "CVE-2021-0920", "CVE-2021-0935", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-33098", "CVE-2021-3564", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0367-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157895", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0367-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157895);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2019-15126\",\n \"CVE-2020-27820\",\n \"CVE-2021-0920\",\n \"CVE-2021-0935\",\n \"CVE-2021-3564\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-33098\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0367-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:0367-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:0367-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can\n cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi\n encryption with a consequent possibility of information disclosure over the air for a discrete set of\n traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could\n lead to local escalation of privilege with System execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A vulnerability was found in btrfs_alloc_tree_b in fs/btrfs/extent-tree.c in the Linux kernel due to an\n improper lock operation in btrfs. In this flaw, a user with a local privilege may cause a denial of\n service (DOS) due to a deadlock problem. (CVE-2021-4149)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in\n the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem\n while the device is getting removed, leading to a privilege escalation problem. (CVE-2021-4202)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\n - A stack overflow flaw was found in the Linux kernel's TIPC protocol functionality in the way a user sends\n a packet with malicious content where the number of domain member nodes is higher than the 64 allowed.\n This flaw allows a remote user to crash the system or possibly escalate their privileges if they have\n access to the TIPC network. (CVE-2022-0435)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0435\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010213.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3ea2da73\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-devel-4.12.14-150.83.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-macros-4.12.14-150.83.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-source-4.12.14-150.83.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-syms-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-macros-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-macros-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'cluster-md-kmp-default-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'dlm-kmp-default-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'gfs2-kmp-default-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'ocfs2-kmp-default-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'kernel-default-livepatch-4.12.14-150.83.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-livepatch-4_12_14-150_83-default-1-1.5.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-default-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-base-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-man-4.12.14-150.83.1', 'sp':'0', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150.83.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:23", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0366-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an instruction sequence where inner instructions require substantial expansions into multiple BPF instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of information disclosure over the air for a discrete set of traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640) (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guests.A local user could use this flaw to starve the resources resulting in a denial of service. (CVE-2021-28711) (CVE-2021-4135)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0366-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-25020", "CVE-2019-15126", "CVE-2019-9500", "CVE-2019-9501", "CVE-2019-9502", "CVE-2019-9503", "CVE-2020-27820", "CVE-2021-0920", "CVE-2021-0935", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-33098", "CVE-2021-3564", "CVE-2021-3640", "CVE-2021-39648", "CVE-2021-39657", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4149", "CVE-2021-4197", "CVE-2021-4202", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-default-man", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-livepatch-devel", "p-cpe:/a:novell:opensuse:kernel-zfcpdump-man", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0366-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157889", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0366-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157889);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2018-25020\",\n \"CVE-2019-15126\",\n \"CVE-2020-27820\",\n \"CVE-2021-0920\",\n \"CVE-2021-0935\",\n \"CVE-2021-3564\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4149\",\n \"CVE-2021-4197\",\n \"CVE-2021-4202\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-33098\",\n \"CVE-2021-39648\",\n \"CVE-2021-39657\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n\n script_name(english:\"openSUSE 15 Security Update : kernel (openSUSE-SU-2022:0366-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0366-1 advisory.\n\n - The BPF subsystem in the Linux kernel before 4.17 mishandles situations with a long jump over an\n instruction sequence where inner instructions require substantial expansions into multiple BPF\n instructions, leading to an overflow. This affects kernel/bpf/core.c and net/core/filter.c.\n (CVE-2018-25020)\n\n - An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can\n cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi\n encryption with a consequent possibility of information disclosure over the air for a discrete set of\n traffic, a different vulnerability than CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.\n (CVE-2019-15126)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196926917References:\n Upstream kernel (CVE-2021-0920)\n\n - In ip6_xmit of ip6_output.c, there is a possible out of bounds write due to a use after free. This could\n lead to local escalation of privilege with System execution privileges needed. User interaction is not\n needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168607263References:\n Upstream kernel (CVE-2021-0935)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - Improper input validation in the Intel(R) Ethernet ixgbe driver for Linux before version 3.17.3 may allow\n an authenticated user to potentially enable denial of service via local access. (CVE-2021-33098)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - In gadget_dev_desc_UDC_show of configfs.c, there is a possible disclosure of kernel heap memory due to a\n race condition. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-160822094References: Upstream kernel (CVE-2021-39648)\n\n - In ufshcd_eh_device_reset_handler of ufshcd.c, there is a possible out of bounds read due to a missing\n bounds check. This could lead to local information disclosure with System execution privileges needed.\n User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-194696049References: Upstream kernel (CVE-2021-39657)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640) (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was\n found in the way users call some interrupts with high frequency from one of the guests.A local user could\n use this flaw to starve the resources resulting in a denial of service. (CVE-2021-28711) (CVE-2021-4135)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1071995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1124431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1167162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1184804\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1186222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189841\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191229\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191384\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192740\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192845\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192847\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193731\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194227\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194880\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195254\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/CFUCZRWH2IP7FOHVYO3TO3G5PFWQXLP6/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4dcf2ef\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-25020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-15126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0920\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-0935\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3564\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-39657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-0330\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4197\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-0330\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-zfcpdump-man\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'kernel-debug-base-4.12.14-197.105.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-default-man-4.12.14-197.105.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kvmsmall-base-4.12.14-197.105.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-4.12.14-197.105.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-base-4.12.14-197.105.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-devel-4.12.14-197.105.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-197.105.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-man-4.12.14-197.105.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-debug-base / kernel-default-man / kernel-kvmsmall-base / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:19:34", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1975 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:1975)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-1975.NASL", "href": "https://www.tenable.com/plugins/nessus/161034", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1975. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161034);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1975\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:1975)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1975 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients\n (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c\n leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS\n via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes\n (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1985353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2004949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2013180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2018205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2029923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2035652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2036934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2042822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064855\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 125, 129, 190, 200, 284, 287, 327, 330, 354, 362, 400, 401, 416, 459, 476, 681, 787, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:1975');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.9.1.rt7.166.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:19", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:1988 advisory.\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3743)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. (CVE-2021-3773)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2019-18808", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161093", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:1988.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161093);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"ALSA\", value:\"2022:1988\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:1988 advisory.\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system\n crash or a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-3743)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint\n information for further use in traditional network attacks. (CVE-2021-3773)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66\n and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read\n the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's\n memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222\n 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local\n denial of service. (CVE-2022-0286)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-1988.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-4788', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-21781', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:1988');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:57", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1988 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io (CVE-2021-4093)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4093", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161047", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1988. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161047);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1988\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1988 advisory.\n\n - kernel: avoid cyclic entity chains due to malformed USB descriptors (CVE-2020-0404)\n\n - kernel: integer overflow in k_ascii() in drivers/tty/vt/keyboard.c (CVE-2020-13974)\n\n - kernel: use-after-free in nouveau kernel module (CVE-2020-27820)\n\n - kernel: speculation on incompletely validated data on IBM Power9 (CVE-2020-4788)\n\n - kernel: out-of-bounds read in bpf_skb_change_head() of filter.c due to a use-after-free (CVE-2021-0941)\n\n - kernel: new DNS Cache Poisoning Attack based on ICMP fragment needed packets replies (CVE-2021-20322)\n\n - kernel: arm: SIGPAGE information disclosure vulnerability (CVE-2021-21781)\n\n - hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 (CVE-2021-26401)\n\n - kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation\n (CVE-2021-29154)\n\n - kernel: joydev: zero size passed to joydev_handle_JSIOCSBTNMAP() (CVE-2021-3612)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: use-after-free in hso_free_net_device() in drivers/net/usb/hso.c (CVE-2021-37159)\n\n - kernel: out-of-bound Read in qrtr_endpoint_post in net/qrtr/qrtr.c (CVE-2021-3743)\n\n - kernel: crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() (CVE-2021-3744)\n\n - kernel: possible use-after-free in bluetooth module (CVE-2021-3752)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: sctp: Invalid chunks may be used to remotely remove existing associations (CVE-2021-3772)\n\n - kernel: lack of port sanity checking in natd and netfilter leads to exploit of OpenVPN clients\n (CVE-2021-3773)\n\n - kernel: possible leak or coruption of data residing on hugetlbfs (CVE-2021-4002)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)\n\n - kernel: KVM: SVM: out-of-bounds read/write in sev_es_string_io (CVE-2021-4093)\n\n - kernel: Buffer overwrite in decode_nfs_fh function (CVE-2021-4157)\n\n - kernel: eBPF multiplication integer overflow in prealloc_elems_and_freelist() in kernel/bpf/stackmap.c\n leads to out-of-bounds write (CVE-2021-41864)\n\n - kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)\n\n - kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)\n\n - kernel: Heap buffer overflow in firedtv driver (CVE-2021-42739)\n\n - kernel: ppc: kvm: allows a malicious KVM guest to crash the host (CVE-2021-43056)\n\n - kernel: an array-index-out-bounds in detach_capi_ctr in drivers/isdn/capi/kcapi.c (CVE-2021-43389)\n\n - kernel: mwifiex_usb_recv() in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker to cause DoS\n via crafted USB device (CVE-2021-43976)\n\n - kernel: use-after-free in the TEE subsystem (CVE-2021-44733)\n\n - kernel: information leak in the IPv6 implementation (CVE-2021-45485)\n\n - kernel: information leak in the IPv4 implementation (CVE-2021-45486)\n\n - hw: cpu: intel: Branch History Injection (BHI) (CVE-2022-0001)\n\n - hw: cpu: intel: Intra-Mode BTI (CVE-2022-0002)\n\n - kernel: Local denial of service in bond_ipsec_add_sa (CVE-2022-0286)\n\n - kernel: DoS in sctp_addto_chunk in net/sctp/sm_make_chunk.c (CVE-2022-0322)\n\n - kernel: FUSE allows UAF reads of write() buffers, allowing theft of (partial) /etc/shadow hashes\n (CVE-2022-1011)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-0404\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-4788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-13974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-0941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3669\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3743\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3759\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4037\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4197\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-29154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43056\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-45486\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1888433\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1901726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1919791\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974079\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1981950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1985353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997467\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1997961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1999675\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2000694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2004949\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2010463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2013180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2014230\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016169\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2017073\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2018205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025003\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2025726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2027239\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2028584\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2029923\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2030747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2034342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2035652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2036934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039911\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2042822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061700\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2061721\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2064855\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 119, 125, 129, 190, 200, 252, 284, 287, 327, 330, 354, 362, 400, 401, 416, 459, 476, 681, 787, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-0404', 'CVE-2020-4788', 'CVE-2020-13974', 'CVE-2020-27820', 'CVE-2021-0941', 'CVE-2021-3612', 'CVE-2021-3669', 'CVE-2021-3743', 'CVE-2021-3744', 'CVE-2021-3752', 'CVE-2021-3759', 'CVE-2021-3764', 'CVE-2021-3772', 'CVE-2021-3773', 'CVE-2021-4002', 'CVE-2021-4037', 'CVE-2021-4083', 'CVE-2021-4093', 'CVE-2021-4157', 'CVE-2021-4197', 'CVE-2021-4203', 'CVE-2021-20322', 'CVE-2021-21781', 'CVE-2021-26401', 'CVE-2021-29154', 'CVE-2021-37159', 'CVE-2021-41864', 'CVE-2021-42739', 'CVE-2021-43056', 'CVE-2021-43389', 'CVE-2021-43976', 'CVE-2021-44733', 'CVE-2021-45485', 'CVE-2021-45486', 'CVE-2022-0001', 'CVE-2022-0002', 'CVE-2022-0286', 'CVE-2022-0322', 'CVE-2022-1011');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:1988');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.9.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-27T15:20:18", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1988 advisory.\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-3743)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks (CVE-2021-3759)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint information for further use in traditional network attacks. (CVE-2021-3773)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could happen if removing device (that is not common to remove video card physically without power-off, but same happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66 and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. (CVE-2022-0286)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or escalate privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-42739)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-1988)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-5715", "CVE-2018-13405", "CVE-2019-18808", "CVE-2020-0404", "CVE-2020-13974", "CVE-2020-27820", "CVE-2020-4788", "CVE-2021-0941", "CVE-2021-20322", "CVE-2021-21781", "CVE-2021-26401", "CVE-2021-29154", "CVE-2021-3612", "CVE-2021-3669", "CVE-2021-37159", "CVE-2021-3743", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3759", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-3773", "CVE-2021-4002", "CVE-2021-4037", "CVE-2021-4083", "CVE-2021-4157", "CVE-2021-41864", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43056", "CVE-2021-43389", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0286", "CVE-2022-0322", "CVE-2022-1011"], "modified": "2022-05-19T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-1988.NASL", "href": "https://www.tenable.com/plugins/nessus/161305", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-1988.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161305);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/19\");\n\n script_cve_id(\n \"CVE-2020-0404\",\n \"CVE-2020-4788\",\n \"CVE-2020-13974\",\n \"CVE-2020-27820\",\n \"CVE-2021-0941\",\n \"CVE-2021-3612\",\n \"CVE-2021-3669\",\n \"CVE-2021-3743\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3759\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-3773\",\n \"CVE-2021-4002\",\n \"CVE-2021-4037\",\n \"CVE-2021-4083\",\n \"CVE-2021-4157\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-20322\",\n \"CVE-2021-21781\",\n \"CVE-2021-26401\",\n \"CVE-2021-29154\",\n \"CVE-2021-37159\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43056\",\n \"CVE-2021-43389\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0286\",\n \"CVE-2022-0322\",\n \"CVE-2022-1011\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-1988)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-1988 advisory.\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296.\n (CVE-2020-4788)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\n - hso_free_net_device in drivers/net/usb/hso.c in the Linux kernel through 5.13.4 calls unregister_netdev\n without checking for the NETREG_REGISTERED state, leading to a use-after-free and a double free.\n (CVE-2021-37159)\n\n - An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel.\n A missing sanity check allows a local attacker to gain access to out-of-bounds memory, leading to a system\n crash or a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-3743)\n\n - LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.\n (CVE-2021-26401)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - kernel: unaccounted ipc objects in Linux kernel lead to breaking memcg limits and DoS attacks\n (CVE-2021-3759)\n\n - A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint\n information for further use in traditional network attacks. (CVE-2021-3773)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - An issue was discovered in the Linux kernel for powerpc before 5.14.15. It allows a malicious KVM guest to\n crash the host, when the host is running on Power8, due to an arch/powerpc/kvm/book3s_hv_rmhandlers.S\n implementation bug in the handling of the SRR1 register values. (CVE-2021-43056)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual\n root cause. This could lead to local escalation of privilege in the kernel with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-111893654References: Upstream kernel (CVE-2020-0404)\n\n - An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer\n overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community\n argue that the integer overflow does not lead to a security issue in this case. (CVE-2020-13974)\n\n - A vulnerability was found in Linux kernel, where a use-after-frees in nouveau's postclose() handler could\n happen if removing device (that is not common to remove video card physically without power-off, but same\n happens if unbind the driver). (CVE-2020-27820)\n\n - In bpf_skb_change_head of filter.c, there is a possible out of bounds read due to a use after free. This\n could lead to local escalation of privilege with System execution privileges needed. User interaction is\n not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154177719References:\n Upstream kernel (CVE-2021-0941)\n\n - kernel: reading /proc/sysvipc/shm does not scale with large shared memory segment counts (CVE-2021-3669)\n\n - kernel: DoS in ccp_run_aes_gcm_cmd() function (CVE-2021-3764)\n\n - kernel: security regression for CVE-2018-13405 (CVE-2021-4037)\n\n - An information disclosure vulnerability exists in the ARM SIGPAGE functionality of Linux Kernel v5.4.66\n and v5.4.54. The latest version (5.11-rc4) seems to still be vulnerable. A userland application can read\n the contents of the sigpage, which can leak kernel memory contents. An attacker can read a process's\n memory at a specific offset to trigger this vulnerability. This was fixed in kernel releases: 4.14.222\n 4.19.177 5.4.99 5.10.17 5.11 (CVE-2021-21781)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may\n allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an\n authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local\n denial of service. (CVE-2022-0286)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - A heap-based buffer overflow flaw was found in the Linux kernel FireDTV media card driver, where the user\n calls the CA_SEND_MSG ioctl. This flaw allows a local user of the host machine to crash the system or\n escalate privileges on the system. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-42739)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-1988.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3752\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3773\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-372.9.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-1988');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-372.9.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-05T15:47:54", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5096 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as CVE-2021-28950. (CVE-2020-36322)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.\n This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.\n (CVE-2021-38300)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds write. (CVE-2021-41864)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\n - An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array index and ones associated with NULL function pointer retrieval). Memory corruption might occur.\n (CVE-2022-25258)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory. (CVE-2022-25375)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "Debian DSA-5096-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18808", "CVE-2020-29374", "CVE-2020-36322", "CVE-2021-20317", "CVE-2021-20321", "CVE-2021-20322", "CVE-2021-22600", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-28714", "CVE-2021-28715", "CVE-2021-28950", "CVE-2021-3640", "CVE-2021-3744", "CVE-2021-3752", "CVE-2021-3760", "CVE-2021-3764", "CVE-2021-3772", "CVE-2021-38300", "CVE-2021-39685", "CVE-2021-39686", "CVE-2021-39698", "CVE-2021-39713", "CVE-2021-4002", "CVE-2021-4083", "CVE-2021-4135", "CVE-2021-4155", "CVE-2021-41864", "CVE-2021-4202", "CVE-2021-4203", "CVE-2021-42739", "CVE-2021-43389", "CVE-2021-43975", "CVE-2021-43976", "CVE-2021-44733", "CVE-2021-45095", "CVE-2021-45469", "CVE-2021-45480", "CVE-2022-0001", "CVE-2022-0002", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-0435", "CVE-2022-0487", "CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0644", "CVE-2022-22942", "CVE-2022-24448", "CVE-2022-24959", "CVE-2022-25258", "CVE-2022-25375"], "modified": "2023-04-25T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libbpf-dev", "p-cpe:/a:debian:debian_linux:libbpf4.19", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:liblockdep-dev", "p-cpe:/a:debian:debian_linux:liblockdep4.19", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86", "p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19", "p-cpe:/a:debian:debian_linux:lockdep", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-5096.NASL", "href": "https://www.tenable.com/plugins/nessus/158761", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5096. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158761);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/25\");\n\n script_cve_id(\n \"CVE-2020-29374\",\n \"CVE-2020-36322\",\n \"CVE-2021-3640\",\n \"CVE-2021-3744\",\n \"CVE-2021-3752\",\n \"CVE-2021-3760\",\n \"CVE-2021-3764\",\n \"CVE-2021-3772\",\n \"CVE-2021-4002\",\n \"CVE-2021-4083\",\n \"CVE-2021-4135\",\n \"CVE-2021-4155\",\n \"CVE-2021-4202\",\n \"CVE-2021-4203\",\n \"CVE-2021-20317\",\n \"CVE-2021-20321\",\n \"CVE-2021-20322\",\n \"CVE-2021-22600\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-28714\",\n \"CVE-2021-28715\",\n \"CVE-2021-28950\",\n \"CVE-2021-38300\",\n \"CVE-2021-39685\",\n \"CVE-2021-39686\",\n \"CVE-2021-39698\",\n \"CVE-2021-39713\",\n \"CVE-2021-41864\",\n \"CVE-2021-42739\",\n \"CVE-2021-43389\",\n \"CVE-2021-43975\",\n \"CVE-2021-43976\",\n \"CVE-2021-44733\",\n \"CVE-2021-45095\",\n \"CVE-2021-45469\",\n \"CVE-2021-45480\",\n \"CVE-2022-0001\",\n \"CVE-2022-0002\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-0435\",\n \"CVE-2022-0487\",\n \"CVE-2022-0492\",\n \"CVE-2022-0617\",\n \"CVE-2022-0644\",\n \"CVE-2022-22942\",\n \"CVE-2022-24448\",\n \"CVE-2022-24959\",\n \"CVE-2022-25258\",\n \"CVE-2022-25375\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"Debian DSA-5096-1 : linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5096 advisory.\n\n - An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The\n get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider\n the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.\n (CVE-2020-29374)\n\n - An issue was discovered in the FUSE filesystem implementation in the Linux kernel before 5.10.6, aka\n CID-5d069dbe8aaf. fuse_do_getattr() calls make_bad_inode() in inappropriate situations, causing a system\n crash. NOTE: the original fix for this vulnerability was incomplete, and its incompleteness is tracked as\n CVE-2021-28950. (CVE-2020-36322)\n\n - A flaw was found in the Linux kernel. A corrupted timer tree caused the task wakeup to be missing in the\n timerqueue_add function in lib/timerqueue.c. This flaw allows a local attacker with special user\n privileges to cause a denial of service, slowing and eventually stopping the system while running OSP.\n (CVE-2021-20317)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux\n kernel functionality was found to allow the ability to quickly scan open UDP ports. This flaw allows an\n off-path remote user to effectively bypass the source port UDP randomization. The highest threat from this\n vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source\n port randomization are indirectly affected as well. (CVE-2021-20322)\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as driver domains.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - Guest can force Linux netback driver to hog large amounts of kernel memory T[his CNA information record\n relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]\n Incoming data packets for a guest in the Linux kernel's netback driver are buffered until the guest is\n ready to process them. There are some measures taken for avoiding to pile up too much data, but those can\n be bypassed by the guest: There is a timeout how long the client side of an interface can stop consuming\n new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default).\n Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time.\n (CVE-2021-28715) The timeout could even never trigger if the guest manages to have only one free slot in\n its RX queue ring page and the next package would require more than one free slot, which may be the case\n when using GSO, XDP, or software hashing. (CVE-2021-28714) (CVE-2021-28714, CVE-2021-28715)\n\n - An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A stall on CPU can occur\n because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1. (CVE-2021-28950)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in\n drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption).\n This vulnerability is similar with the older CVE-2019-18808. (CVE-2021-3744)\n\n - A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way user calls connect to\n the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the\n system or escalate their privileges. The highest threat from this vulnerability is to confidentiality,\n integrity, as well as system availability. (CVE-2021-3752)\n\n - A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat\n to confidentiality, integrity, and system availability. (CVE-2021-3760)\n\n - A flaw was found in the Linux SCTP stack. A blind attacker may be able to kill an existing SCTP\n association through invalid chunks if the attacker knows the IP-addresses and port numbers being used and\n the attacker can send packets with spoofed IP addresses. (CVE-2021-3772)\n\n - arch/mips/net/bpf_jit.c in the Linux kernel before 5.4.10 can generate undesirable machine code when\n transforming unprivileged cBPF programs, allowing execution of arbitrary code within the kernel context.\n This occurs because conditional branches can exceed the 128 KB limit of the MIPS architecture.\n (CVE-2021-38300)\n\n - A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some\n regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the\n memory pages. A local user could use this flaw to get unauthorized access to some data. (CVE-2021-4002)\n\n - A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket\n file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race\n condition. This flaw allows a local user to crash the system or escalate their privileges on the system.\n This flaw affects Linux kernel versions prior to 5.16-rc4. (CVE-2021-4083)\n\n - prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before 5.14.12 allows\n unprivileged users to trigger an eBPF multiplication integer overflow with a resultant out-of-bounds\n write. (CVE-2021-41864)\n\n - The firewire subsystem in the Linux kernel through 5.14.13 has a buffer overflow related to\n drivers/media/firewire/firedtv-avc.c and drivers/media/firewire/firedtv-ci.c, because avc_ca_pmt\n mishandles bounds checking. (CVE-2021-42739)\n\n - An issue was discovered in the Linux kernel before 5.14.15. There is an array-index-out-of-bounds flaw in\n the detach_capi_ctr function in drivers/isdn/capi/kcapi.c. (CVE-2021-43389)\n\n - In the Linux kernel through 5.15.2, hw_atl_utils_fw_rpc_wait in\n drivers/net/ethernet/aquantia/atlantic/hw_atl/hw_atl_utils.c allows an attacker (who can introduce a\n crafted device) to trigger an out-of-bounds write via a crafted length value. (CVE-2021-43975)\n\n - In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows\n an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).\n (CVE-2021-43976)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - pep_sock_accept in net/phonet/pep.c in the Linux kernel through 5.15.8 has a refcount leak.\n (CVE-2021-45095)\n\n - In __f2fs_setxattr in fs/f2fs/xattr.c in the Linux kernel through 5.15.11, there is an out-of-bounds\n memory access when an inode has an invalid last xattr entry. (CVE-2021-45469)\n\n - An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the\n __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.\n (CVE-2021-45480)\n\n - A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c\n in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system\n Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. (CVE-2022-0487)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the\n kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups\n v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in\n drivers/net/hamradio/yam.c. (CVE-2022-24959)\n\n - An issue was discovered in drivers/usb/gadget/composite.c in the Linux kernel before 5.16.10. The USB\n Gadget subsystem lacks certain validation of interface OS descriptor requests (ones with a large array\n index and ones associated with NULL function pointer retrieval). Memory corruption might occur.\n (CVE-2022-25258)\n\n - An issue was discovered in drivers/usb/gadget/function/rndis.c in the Linux kernel before 5.16.10. The\n RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive\n information from kernel memory. (CVE-2022-25375)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988044\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-29374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2020-36322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-20317\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-20322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-22600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28712\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-28950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3744\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3764\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3772\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-38300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39685\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39698\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-39713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4083\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4155\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-41864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4202\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-42739\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-43976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-44733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-45480\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0330\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0492\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-0644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-22942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-25258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-25375\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0435\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'vmwgfx Driver File Descriptor Handling Priv Esc');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbpf-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libbpf4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblockdep-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:liblockdep4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-8-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-19-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-19-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:lockdep\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'hyperv-daemons', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libbpf-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libbpf4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libcpupower-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'libcpupower1', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'liblockdep-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'liblockdep4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-arm', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-s390', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-compiler-gcc-8-x86', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-config-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-cpupower', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-doc-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-4kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-5kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-686', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-686-pae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-arm64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-armel', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-armhf', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-i386', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-mips', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-mips64el', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-mipsel', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-ppc64el', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-all-s390x', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-arm64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-armmp-lpae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-cloud-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-common', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-common-rt', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-loongson-3', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-marvell', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-octeon', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-powerpc64le', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rpi', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-686-pae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-amd64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-arm64', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-rt-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-headers-4.19.0-19-s390x', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-4kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-4kc-malta-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-5kc-malta', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-5kc-malta-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-pae-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-pae-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-686-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-amd64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-amd64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-arm64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-arm64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-lpae', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-armmp-lpae-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-cloud-amd64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-cloud-amd64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-loongson-3', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-loongson-3-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-marvell', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-marvell-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-octeon', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-octeon-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-powerpc64le', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-powerpc64le-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rpi', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rpi-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-686-pae-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-686-pae-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-amd64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-amd64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-arm64-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-arm64-unsigned', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-armmp', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-rt-armmp-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-s390x', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-4.19.0-19-s390x-dbg', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-kbuild-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-libc-dev', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-perf-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-source-4.19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'linux-support-4.19.0-19', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'lockdep', 'reference': '4.19.232-1'},\n {'release': '10.0', 'prefix': 'usbip', 'reference': '4.19.232-1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'hyperv-daemons / libbpf-dev / libbpf4.19 / libcpupower-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-07T13:09:02", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds.\n (CVE-2021-33656)\n\n - In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-185125206References: Upstream kernel (CVE-2021-39698)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-173788806References: Upstream kernel (CVE-2021-39713)\n\n - A data leak flaw was found in the way XFS_IOC_ALLOCSP IOCTL in the XFS filesystem allowed for size increase of files with unaligned size. A local attacker could use this flaw to leak data on the XFS filesystem otherwise not accessible to them. (CVE-2021-4155)\n\n - A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures.\n Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. (CVE-2021-4159)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged process that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. (CVE-2021-45868)\n\n - Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0001)\n\n - Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-0002)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.\n (CVE-2022-0492)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attac