CVE-2022-21385

2022-08-29T21:15:00

Description

A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Affected Software

CPE Name	Name	Version
oracle:linux	oracle linux	-

{"id": "CVE-2022-21385", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-21385", "description": "A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)", "published": "2022-08-29T21:15:00", "modified": "2022-09-30T19:19:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.2, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.5, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21385", "reporter": "secalert_us@oracle.com", "references": ["https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea010070d0a7497253d5a6f919f6dd107450b31a"], "cvelist": ["CVE-2022-21385"], "immutableFields": [], "lastseen": "2023-02-09T14:06:18", "viewCount": 60, "enchantments": {"score": {"value": 4.2, "vector": "NONE"}, "dependencies": {"references": [{"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-21385"]}, {"type": "nessus", "idList": ["EULEROS_SA-2022-2848.NASL", "EULEROS_SA-2023-1168.NASL", "ORACLELINUX_ELSA-2022-9726.NASL", "ORACLELINUX_ELSA-2022-9727.NASL", "ORACLELINUX_ELSA-2022-9728.NASL", "ORACLELINUX_ELSA-2022-9729.NASL", "ORACLELINUX_ELSA-2022-9730.NASL", "ORACLELINUX_ELSA-2022-9731.NASL", "ORACLELINUX_ELSA-2022-9787.NASL", "ORACLELINUX_ELSA-2022-9788.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9828.NASL", "ORACLELINUX_ELSA-2022-9829.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3422-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-9726", "ELSA-2022-9727", "ELSA-2022-9728", "ELSA-2022-9729", "ELSA-2022-9730", "ELSA-2022-9731", "ELSA-2022-9787", "ELSA-2022-9788", "ELSA-2022-9827", "ELSA-2022-9828", "ELSA-2022-9829", "ELSA-2022-9830"]}, {"type": "suse", "idList": ["SUSE-SU-2022:3408-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-21385"]}]}, "twitter": {"counter": 4, "tweets": [{"link": "https://twitter.com/threatintelctr/status/1564367830124007425", "text": " NEW: CVE-2022-21385 A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR... (click for more) Severity: MEDIUM https://t.co/n9p0pcVS9r", "author": "threatintelctr", "author_photo": "https://pbs.twimg.com/profile_images/904224973987840000/dMy1x9Ho_400x400.jpg"}, {"link": "https://twitter.com/CVEreport/status/1564351410149511168", "text": "CVE-2022-21385 : A flaw in net_rds_alloc_sgs in Oracle /hashtag/Linux?src=hashtag_click /hashtag/kernels?src=hashtag_click allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 Availability impacts . CVSS Vector CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H ...", "author": "CVEreport", "author_photo": "https://pbs.twimg.com/profile_images/589794568574357505/gwqqrkZn_400x400.png"}]}, "epss": [{"cve": "CVE-2022-21385", "epss": "0.000450000", "percentile": "0.118440000", "modified": "2023-03-19"}], "vulnersScore": 4.2}, "_state": {"score": 1675961081, "dependencies": 1675960477, "twitter": 0, "affected_software_major_version": 1677369691, "epss": 1679303669}, "_internal": {"score_hash": "570925b6b8c02425e87292d83da28422"}, "cna_cvss": {"cna": "Oracle", "cvss": {"3": {"vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "score": 6.2}}}, "cpe": ["cpe:/o:oracle:linux:-"], "cpe23": ["cpe:2.3:o:oracle:linux:-:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "oracle:linux", "version": "-", "operator": "eq", "name": "oracle linux"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:o:oracle:linux:-:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea010070d0a7497253d5a6f919f6dd107450b31a", "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea010070d0a7497253d5a6f919f6dd107450b31a", "refsource": "MISC", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"]}], "product_info": [{"vendor": "Oracle Corporation", "product": "Oracle Linux"}]}

{"debiancve": [{"lastseen": "2023-03-19T22:09:59", "description": "A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-29T21:15:00", "type": "debiancve", "title": "CVE-2022-21385", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-29T21:15:00", "id": "DEBIANCVE:CVE-2022-21385", "href": "https://security-tracker.debian.org/tracker/CVE-2022-21385", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-03-13T13:15:38", "description": "A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged\nlocal users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability\nimpacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-29T00:00:00", "type": "ubuntucve", "title": "CVE-2022-21385", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-29T00:00:00", "id": "UB:CVE-2022-21385", "href": "https://ubuntu.com/security/CVE-2022-21385", "cvss": {"score": 0.0, "vector": "NONE"}}], "oraclelinux": [{"lastseen": "2022-09-01T22:41:38", "description": "[5.4.17-2136.310.7.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)\n [Orabug: 33981855] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9730", "href": "http://linux.oracle.com/errata/ELSA-2022-9730.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[5.15.0-1.43.4.2]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)\n [Orabug: 33981854] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9729", "href": "http://linux.oracle.com/errata/ELSA-2022-9729.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:42", "description": "[5.4.17-2136.310.7.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981855] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9727", "href": "http://linux.oracle.com/errata/ELSA-2022-9727.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[5.15.0-1.43.4.2]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981854] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9726", "href": "http://linux.oracle.com/errata/ELSA-2022-9726.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[4.14.35-2047.516.2.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry)\n [Orabug: 33981856] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9731", "href": "http://linux.oracle.com/errata/ELSA-2022-9731.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-01T22:41:38", "description": "[4.14.35-2047.516.2.1]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 33981856] {CVE-2022-21385}", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2022-08-19T00:00:00", "id": "ELSA-2022-9728", "href": "http://linux.oracle.com/errata/ELSA-2022-9728.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240] \n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834] \n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766] \n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843] \n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843] \n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843] \n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118] \n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118] \n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) \n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n(Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738] \n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004] \n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004] \n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478] \n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153] \n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210] \n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378] \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281] \n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281] \n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338] \n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9787", "href": "http://linux.oracle.com/errata/ELSA-2022-9787.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3.el7]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2.el7]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942]\n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942]\n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942]\n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942]\n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942]\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1.el7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834]\n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766]\n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843]\n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843]\n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843]\n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843]\n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118]\n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118]\n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}\n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n- crypto: blake2s - include \n instead of \n (Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0.el7]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738]\n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004]\n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004]\n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478]\n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153]\n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210]\n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378]\n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281]\n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281]\n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257]\n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338]\n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338]\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9788", "href": "http://linux.oracle.com/errata/ELSA-2022-9788.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-22T18:16:29", "description": "[5.4.17-2136.311.6]\n- Revert 'KVM: x86: Print error code in exception injection tracepoint iff valid' (Sherry Yang) [Orabug: 34535896]\n[5.4.17-2136.311.5]\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n[5.4.17-2136.311.4]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34514570] {CVE-2022-21385}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414239] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419971] {CVE-2022-21546}\n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465809] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465809] \n- Revert 'net/rds: Connect TCP backends deterministically' (Gerd Rausch) [Orabug: 34476562] \n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476941] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476941] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476941] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476941] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476941] \n- arm64: mm: Fix case where !CONFIG_NUMA=y (Henry Willard) [Orabug: 34504995] \n- drm: protect drm_master pointers in drm_lease.c (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: serialize drm_file.master with a new spinlock (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: add a locked version of drm_is_current_master (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- i2c: thunderx: missing struct pci_dev definition in mips build (Dave Kleikamp) [Orabug: 34483890] \n- mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 34483890] \n- mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 34483890] \n- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 34483890] \n- netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 34483890] \n- mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 34483890] \n- MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 34483890] \n- net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 34483890] \n- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 34483890] \n- arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 34483890] \n- vdso: prevent ld from aligning PT_LOAD segments to 64k (Rob Gardner) [Orabug: 34483890] \n- MIPS: Octeon: cache info: Delete cavium-octeon/cacheinfo.c (Henry Willard) [Orabug: 34483890] \n- uek-rpm: build embedded kernels for t73 (Dave Kleikamp) [Orabug: 34483890] \n- mips: define pmd_special & pmd_mkspecial (Dave Kleikamp) [Orabug: 34483890] \n- kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 34483890] \n- mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 34483890] \n- MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 34483890] \n- mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 34483890] \n- mips64: Build for Octeon and generic boards only (Vijay Kumar) [Orabug: 34483890] \n- mips: define pmd_pfn and pud_pfn (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: OCTEON: silence 'virt' assembler warnings (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 34483890] \n- KSPLICE for MIPS also would like function-sections (Rob Gardner) [Orabug: 34483890] \n- Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 34483890] \n- mips: add user_addr_max() and PROT_RESERVED (Dave Kleikamp) [Orabug: 34483890] \n- mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 34483890] \n- net: octeon-ethernet: Fix to reset the device stats in init (Anushka Singh) [Orabug: 34483890] \n- net: phy: Kconfig: fix double definition of ICPLUS_PHY PHYs (Ivan Khoronzhuk) [Orabug: 34483890] \n- drivers: of_mdio.c : fix of_mdiobus_register_phy return code (Serhii Tyshchenko) [Orabug: 34483890] \n- mips/pci/pci-legacy.c: fix for mixed declarations and code (Serhii Tyshchenko) [Orabug: 34483890] \n- mips: octeon: remove unused pcie_17400_set_affinity (Serhii Tyshchenko) [Orabug: 34483890] \n- asm/octeon/cvmx-lmcx-defs.h: fix for platform selection build warnings (Serhii Tyshchenko) [Orabug: 34483890] \n- fix for cvmx-ila build issue (santhosh D) [Orabug: 34483890] \n- fix for cvmx-helper-rgmii build issue (santhosh D) [Orabug: 34483890] \n- fix for cvmx-l2c build issue (santhosh D) [Orabug: 34483890] \n- MIPS: reserve the memblock right after the kernel (Alex Sverdlin) [Orabug: 34483890] \n- MIPS: Octeon: Update mach_bootmem_init for NUMA support to enable CONFIG_NUMA (Anushka Singh) [Orabug: 34483890] \n- Octeon: net: ethernet: Port from 4.14 to 5.4 octeon-2 ethernet driver changes (Anushka Singh) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for pci hot plugged endpoints (Carlos Munoz) [Orabug: 34483890] \n- arch: mips: cavium-octeon: cvmx-pcie: fix config read 32 (Ivan Khoronzhuk) [Orabug: 34483890] \n- MIPS: ftrace: fix init functions tracing (Ivan Khoronzhuk) [Orabug: 34483890] \n- net: octeon: mgmt: Repair filling of RX ring (Alex Sverdlin) [Orabug: 34483890] \n- Octeon: net: octeon_mgmt: Add MTU size (Anushka Singh) [Orabug: 34483890] \n- Octeon: net: octeon_mgmt: Add phy_start and phy_stop (Anushka Singh) [Orabug: 34483890] \n- Octeon: Add working CISCO kernel config for Octeon (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: MIPS: Update default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] \n- Octeon: net: octeon3-ethernet: Port 4.14 to 5.4 octeon3-ethernet driver (Anushka Singh) [Orabug: 34483890] \n- Octeon: octeon3_ethernet: Port 4.14 to 5.4 fixes incompatible-pointer-types (Anushka Singh) [Orabug: 34483890] \n- Octeon: Fix build error in cvmx-qlm.c (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: add some missing fall through annotations (Anushka Singh) [Orabug: 34483890] \n- OCTEON: octeon_edac-lmc : Temp drop use of VLA (Anushka Singh) [Orabug: 34483890] \n- Octeon: Port 4.14 to 5.4 fixes in PCI/MSI (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: Add updated default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] \n- Octeon: Octeon3 Ethernet driver port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- Octeon: (Temporary) Port 4.14 to 5.4 workaround for VLA in cvmx-dma-engine.c (Anushka Singh) [Orabug: 34483890] \n- net: phy: Port 4.14 to 5.4 fixes in Qualcomm/Atheros qca8334/8337 PHYs (Anushka Singh) [Orabug: 34483890] \n- MIPS: Port 4.14 to 5.4 temporary patch for mach_bootmem_init (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: Port 4.14 to 5.4 fixes for VLA (Anushka Singh) [Orabug: 34483890] \n- net: phy: Port 4.14 to 5.4 fixes in TI tlk10232 and Marvell 88X3120 dual-10G PHY drivers (Anushka Singh) [Orabug: 34483890] \n- MIPS: net: phy: Port 4.14 to 5.4 fixes in bcm87xx phy driver (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: gpio: Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: Setup file Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890] \n- MIPS: octeon-irq: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- MIPS: Add default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon PCI Console: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- MIPS: OCTEON: Port 4.14 to 5.4 fixes for e->base (Anushka Singh) [Orabug: 34483890] \n- MIPS: OCTEON: octeon-usb: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890] \n- MIPS: Port 4.14 to 5.4 fixes for access_ok(). (Anushka Singh) [Orabug: 34483890] \n- MIPS: Port 4.14 to 5.4 compile-time error resolution for atomic.h functions. (Anushka Singh) [Orabug: 34483890] \n- MIPS: Octeon: kexec (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: Take all memory into use by default. (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: octeon: shared_cpu_map cacheinfo (Lukasz Majczak) [Orabug: 34483890] \n- netdev: octeon-ethernet: Register devices in the ptp class. (Lukasz Majczak) [Orabug: 34483890] \n- mtd: spi-nor: Add Micron (MT25Q*) SPI flash devices. (Lukasz Majczak) [Orabug: 34483890] \n- netdev: octeon-ethernet: Add packet hardware timestamp support. (Carlos Munoz) [Orabug: 34483890] \n- Add default kernel config for Octeon3 (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: Fix node calculation (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: Sync-up SE to r173908 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Octeon: Read BGXX_SPUX_FEC_CONTROL before using it. (Chandrakala Chavva) [Orabug: 34483890] \n- net: octeon: Fix ndo_get_stats64 return value. (Chandrakala Chavva) [Orabug: 34483890] \n- Fix build issues (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: Fix setting MTU (Lukasz Majczak) [Orabug: 34483890] \n- Revert 'MIPS: kexec: remove SMP_DUMP' (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: Octeon: cache info (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: HOTPLUG_CPU changes. (Lukasz Majczak) [Orabug: 34483890] \n- net: phy: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] \n- Octeon: MTD: NAND: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890] \n- EDAC:Octeon: Fix LMC CSRs access on OcteonII (Chandrakala Chavva) [Orabug: 34483890] \n- EDAC:Octeon: undeclared variable when CONFIG_EDAC_DEBUG=y (Peter Swain) [Orabug: 34483890] \n- net: octeon: NAPI waits once for next packet (Peter Swain) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files (r172329) (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files (r172318). (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files (r172313) (Chandrakala Chavva) [Orabug: 34483890] \n- edac:octeon: Check if device is present before removing. (Chandrakala Chavva) [Orabug: 34483890] \n- EDAC:Octeon: Fixed EDAC support for OcteonII and OcteonIII. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/EDAC: Call edac handle for bigrd/bigwd cases. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Octeon: Sync-up SE files (-r172055) (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Backports some bit extract functions from SDK. (Chandrakala Chavva) [Orabug: 34483890] \n- netdev: octeon-ethernet: Fix MTU settings for AGL interface. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Added disable_sbe module parameter (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Call panic when co-processor DBE error happens. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Sync-up CIU3 Error data files. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/octeon: Add /proc/pcie_reset file. (Peter Swain) [Orabug: 34483890] \n- net: xfrm: Added ipsec kame offload support. (Chandrakala Chavva) [Orabug: 34483890] \n- of_mdio: Add 'cortina,cs4318' to the whitelist. (Steven J. Hill) [Orabug: 34483890] \n- ATA: Disable soft reset for ASM1092 sata port multiplier (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS:Octeon: Sync-up SE files to 170716. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: pcie-octeon: reset PCIe on reboot (Peter Swain) [Orabug: 34483890] \n- octeon3: ethernet: driver: Added vlan header size to max mtu. (Abhijit Ayarekar) [Orabug: 34483890] \n- net: octeon: Add IFF_LIVE_ADDR_CHANGE to change mac address live. (Chandrakala Chavva) [Orabug: 34483890] \n- Octeon: MTD: NAND: Do not call is_vmalloc_or_module_addr() (Aaron Williams) [Orabug: 34483890] \n- Cavium: MTD: NAND Ported 3.10 NAND driver to 4.9 (Aaron Williams) [Orabug: 34483890] \n- octeon: mtd: nand: Merged in latest changes from Octeon SDK (Aaron Williams) [Orabug: 34483890] \n- rtc: isl12026: Select CONFIG_NVMEM to ensure it builds. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Sync-up SE files to -r170052 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/tlbex: Save and restore ASID around TLBR (David Daney) [Orabug: 34483890] \n- rtc: isl12026: Fix build failure when CONFIG_NVMEM not enabled. (David Daney) [Orabug: 34483890] \n- rtc: isl12026: Add driver. (David Daney) [Orabug: 34483890] \n- i2c: octeon: Emit stop condition if bootloader didn't end last transaction. (David Daney) [Orabug: 34483890] \n- MIPS/PCI/OCTEON: Map irqs after PCI bus rescan. (David Daney) [Orabug: 34483890] \n- EDAC: octeon_edac-lmc: Fix module removal when ECC unsupported. (Steven J. Hill) [Orabug: 34483890] \n- netdev: octeon-ethernet: Check packet backlog periodically to wake up other cpus if needed. (Carlos Munoz) [Orabug: 34483890] \n- Set SDK_VERSION to 5.1.0. (Chandrakala Chavva) [Orabug: 34483890] \n- mtd: nand: octeon: Add NAND flash driver. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon-ethernet: use IFF_NO_QUEUE (Peter Swain) [Orabug: 34483890] \n- MIPS: Pass -fno-asynchronous-unwind-tables to compiler. (David Daney) [Orabug: 34483890] \n- MIPS: Add ELF_CORE_COPY_REGS definition. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Correctly calculate totalram_pages (David Daney) [Orabug: 34483890] \n- netdev: octeon-pow: Add napi support. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Restore 512MB default memory size. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Always try to allocate 1024 MB of 32-bit memory. (David Daney) [Orabug: 34483890] \n- MIPS: pcie-octeon: Use level semantics for int-A interrupts. (David Daney) [Orabug: 34483890] \n- MIPS, pci: Expose Cavium OCTEON PCIe bridges to the PCIe core (David Daney) [Orabug: 34483890] \n- netdev: octeon3-ethernet: Enable srio port and remove srio header on ingress packets. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Set DIDTO to approx. 250mS. (David Daney) [Orabug: 34483890] \n- MIPS,ftrace: Fix dynamic ftrace patching of MAPPED_KERNEL modules. (David Daney) [Orabug: 34483890] \n- MIPS: oct_ilm: Add OCTEON III support. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Don't translate underlying GPIO irq bits. (Corey Minyard) [Orabug: 34483890] \n- gpio: gpio-octeon: Fix to_irq() support. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Initialize the mport structure correctly. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: Move VMALLOC_START to avoid OCTEON III Core-31034 (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Don't allow interrupts or scheduling from CacheErr handler. (David Daney) [Orabug: 34483890] \n- netdev: octeon-pow: Save aura before freeing the wqe. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Platform support for OCTEON III USB controller (Steven J. Hill) [Orabug: 34483890] \n- MIPS: OCTEON: Change SDK release string to 5.1.0-prerelease (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Always try to allocate 512 MB of 32-bit memory. (David Daney) [Orabug: 34483890] \n- netdev, octeon3-ethernet: Don't bloat RX buffer pool. (David Daney) [Orabug: 34483890] \n- watchdog: octeon-wdt: Implement G-30204 workaround. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add missing CONFIG_KEXEC support. (David Daney) [Orabug: 34483890] \n- staging: octeon: Call SET_NETDEV_DEV() (Florian Fainelli) [Orabug: 34483890] \n- mmc: cavium: Fix broken sign extensions in block write code. (David Daney) [Orabug: 34483890] \n- mmc: core: Export API to allow hosts to get the card address (Ulf Hansson) [Orabug: 34483890] \n- MAINTAINERS: Add entry for Cavium MMC driver (Jan Glauber) [Orabug: 34483890] \n- mips/gpio: Fix OCTEON GPIO interrupt support. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Sync up SE files as of r154518. (Carlos Munoz) [Orabug: 34483890] \n- mips: edac: octeon: Use preemptive safe methods. (Carlos Munoz) [Orabug: 34483890] \n- net: phy: Force the link state to be checked during initialization. (Carlos Munoz) [Orabug: 34483890] \n- crypto: octeon: Use proper function to check for features. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon3-ethernet: Disable transmit queues. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon-ethernet: Handle when octeon_hw_status_add_source() fails. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Fix build breakage when CONFIG_SMP disabled (David Daney) [Orabug: 34483890] \n- ata: Use WARN instead of BUG in pata_octeon_cf. (David Daney) [Orabug: 34483890] \n- netdev/phy: Initial support for Vitesse vsc8490 phy. (Carlos Munoz) [Orabug: 34483890] \n- netdev: Add driver for Marvell 88X3120 dual 10GBase-T Ethernet phy (David Daney) [Orabug: 34483890] \n- phy/marvell: Add did_interrupt() method for Marvell 88E1240 (David Daney) [Orabug: 34483890] \n- net: phy: add qca833x phy-headed-switch (Peter Swain) [Orabug: 34483890] \n- netdev/phy: Add driver for TI tlk10232 dual-10G PHY. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Enable Micrel 9031 PHY for OCTEON. (Chandrakala Chavva) [Orabug: 34483890] \n- netdev/phy/of: Handle nexus Ethernet PHY devices (Aaron Williams) [Orabug: 34483890] \n- netdev/phy: Add driver for Cortina cs4321 quad 10G PHY. (David Daney) [Orabug: 34483890] \n- perf: context-sensitive keywords: for uncore_foo/miss/ (Peter Swain) [Orabug: 34483890] \n- MIPS: Fix arch in assembly for saa instruction. (Andrew Pinski) [Orabug: 34483890] \n- MIPS: OCTEON: Fix simulator compile error. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Use IRQF_NO_THREAD when chaining MSIs (David Daney) [Orabug: 34483890] \n- OCTEON: OCLA driver to support blocking IO. (Carlos Munoz) [Orabug: 34483890] \n- RapidIO: Driver for CN6XXX (Chad Reese) [Orabug: 34483890] \n- RapidIO: Add interface to memory map rapidio device memory. (Chad Reese) [Orabug: 34483890] \n- MIPS: OCTEON: Add driver Serial Rapid I/O (sRIO) hardware. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon_mgmt: Update with latest changes. (David Daney) [Orabug: 34483890] \n- Revert 'net: octeon: mgmt: Repair filling of RX ring' (Dave Kleikamp) [Orabug: 34483890] \n- Revert 'net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop' (Dave Kleikamp) [Orabug: 34483890] \n- netdev: octeon3-ethernet: Driver for octeon III SOCs. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Create fpa3 standalone driver. (Carlos Munoz) [Orabug: 34483890] \n- netdev: octeon: Move and update octeon network driver from staging. (Carlos Munoz) [Orabug: 34483890] \n- Revert 'staging/octeon: fix up merge error' (Dave Kleikamp) [Orabug: 34483890] \n- Revert 'staging: octeon: repair 'fixed-link' support' (Dave Kleikamp) [Orabug: 34483890] \n- Revert 'staging: octeon: Drop on uncorrectable alignment or FCS error' (Dave Kleikamp) [Orabug: 34483890] \n- MIPS: Add core-16419 errata workaround (Andrew Pinski) [Orabug: 34483890] \n- mips: octeon: add TDM feature & IRQ (Peter Swain) [Orabug: 34483890] \n- MIPS: traps: call crash_kexec() before panic() when dying (Taras Kondratiuk) [Orabug: 34483890] \n- MIPS:OCTEON: Increase the load address (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Add syscall to add timer events. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: kexec: Set memory limits to HIGHMEM_START. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix Cache error detection for OCTEON III. (David Daney) [Orabug: 34483890] \n- watchdog: octeon-wdt: Fix timer rate for all OCTEON III parts. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Update octeon-error-injector for OCTEON III. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix saving of CVMSEG per-task state. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Handle MSI on multiple nodes. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Increase NR_IRQS for CONFIG_NUMA. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add csrc-fpa-clk. (David Daney) [Orabug: 34483890] \n- watchdog: octeon-wdt: Fix to work on multi-node systems. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix Automatic provisioning CVMSEG space. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Disable error tree handling on shutdown (Corey Minyard) [Orabug: 34483890] \n- MIPS: OCTEON: Fix IPI mechanism used by KEXEC. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Try to allocate at least 256MB of DMA32 memory. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add NUMA support for cn78XX (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Print warning message if OCTEON II kernel run on earlier chips. (David Daney) [Orabug: 34483890] \n- MIPS: Make setting of MAX_PHYSMEM_BITS settable per sub-architecture. (David Daney) [Orabug: 34483890] \n- MIPS: Make XPHYSADDR() work for all addresses. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: cpu_state not just for _HOTPLUG (Peter Swain) [Orabug: 34483890] \n- MIPS: OCTEON: Add sysfs hooks to add and remove CPUs. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Revise memory allocation from bootloader (Leonid Rosenboim) [Orabug: 34483890] \n- MIPS: OCTEON: Automatically provision CVMSEG space. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Get first 256MB from 32-bit addresable memory (Leonid Rosenboim) [Orabug: 34483890] \n- MIPS/OCTEON: Add multiple msi support. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Inhibit CP0_Compare interrupts when not needed. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add preliminary GPIO interrupt support for cn78XX. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Reorganize PCIe controller code. (Venkat Subbiah) [Orabug: 34483890] \n- MIPS: OCTEON: MSI-X interrupts for cn78XX. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS/OCTEON: CIU/CIU2 use random msi irqs. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: OCTEON: Add initial error bit detection for cn78XX. (David Daney) [Orabug: 34483890] \n- MIPS: Fix demand activation of OCTEON CVMSEG region. (David Daney) [Orabug: 34483890] \n- MIPS:OCTEON: Enable access to CVMSEG for user space (Chandrakala Chavva) [Orabug: 34483890] \n- watchdog: Octeon: Add 78xx support. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: oct_ilm: Fix debugfs file permissions. (David Daney) [Orabug: 34483890] \n- MIPS: KDUMP: Fix to access non-sectioned memory (Prem Mallappa) [Orabug: 34483890] \n- MIPS: OCTEON: Fix plat_swiotlb_setup() for OCTEON3 (David Daney) [Orabug: 34483890] \n- MIPS: Handle CPU_CAVIUM_OCTEON3 like CPU_CAVIUM_OCTEON2 in clear_page. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Allow CONFIG_CAVIUM_CN63XXP1 to be disabled. (David Daney) [Orabug: 34483890] \n- MIPS/EDAC: Use correct fields for printing error message for O3 model (Chandrakala Chavva) [Orabug: 34483890] \n- edac/octeon_edac-lmc: Fix kernel panic when 1 DDR present (Prem Mallappa) [Orabug: 34483890] \n- MIPS/EDAC: Cavium: Updated L2C error checking for OCTEON3. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Only flush local ICache in get_new_asid(). (David Daney) [Orabug: 34483890] \n- MIPS: Add new function local_flush_icache_all() (David Daney) [Orabug: 34483890] \n- MIPS: Handle indexed load instructions in emulate_load_store_insn(). (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Increase the number of irqs for !PCI case (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Restore printing of L2 Cache information. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add /sys/devices/system/cpu/cpuX/cache (Venkat Subbiah) [Orabug: 34483890] \n- MIPS perf: Rework the mipspmu notifiers. (David Daney) [Orabug: 34483890] \n- MIPS perf: OCTEON: Handle PMU pmu_enable/pmu_diable notifications. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Sync up HOTPLUG_CPU changes. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Per process XKPHYS (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: move arch/mips/cavium-octeon/cpu.c to arch/mips/kernel/ (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Set the extended bits of DIDTTO too. (David Daney) [Orabug: 34483890] \n- MIPS: Add support for OCTEON III perf events. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Keep reset value for COP0_ERRCTL (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Enable tlb parity error for O3 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Use correct L2C CSR for cache locking. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Move L2 Cache probing code to setup.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Move xkphys_usermem_{read,write} to octeon-cpu.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix L1 dacache parity for OCTEON3 (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Use current_cpu_type() for CPU model check. (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: Octeon: Initialize proper CVMX_SSO_NW_TIM register. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Merge and cleanup. (Leonid Rosenboim) [Orabug: 34483890] \n- MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for CONFIG_CAVIUM_GDB (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add Cavium OCTEON serial driver. (Carlos Munoz) [Orabug: 34483890] \n- MIPS: Octeon: Rearrange L2 cache locking code (David Daney) [Orabug: 34483890] \n- MIPS/OCTEON: Initialize QLM JTAG. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Import new S.E. and adjust things to match. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add /proc/octeon_perf support. (David Daney) [Orabug: 34483890] \n- MIPS: Allow sub-architecture 'machines' to override bootmem initialization. (David Daney) [Orabug: 34483890] \n- MIPS: Fix warning spew on CONFIG_PREEMPT_DEBUG and ptrace watch register use. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Fix compile/run time errors from synced cvmx files. (Carlos Munoz) [Orabug: 34483890] \n- Sync-up SE files (latest) (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: octeon-lmc bug fixes (Chandrakala Chavva) [Orabug: 34483890] \n- MIPS: OCTEON: Add module to inject hardware error conditions. (David Daney) [Orabug: 34483890] \n- MIPS: Add accessor functions for OCTEON ERRCTL CP0 register. (David Daney) [Orabug: 34483890] \n- MIPS/OCTEON: Add OCTEON II TLB parity error handling (David Daney) [Orabug: 34483890] \n- MIPS: Add board_mcheck_handler, show process state on machine check exception. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Cleanup obsolete CrashKernel memory init in octeon/setup.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for running kernel in mapped address space. (David Daney) [Orabug: 34483890] \n- MIPS/edac/OCTEON: Hook up Write Buffer parity errors to EDAC. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add /proc/octeon_info support. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Define cpu_has_local_ebase to 0. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Use virt_to_phys() and phys_to_virt() in octeon/setup.c (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add framework for managing and reporting hardware status bit assertions. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Populate kernel memory from cvmx_bootmem named blocks. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Disable probing MDIO for Landbird NIC 10g cards. (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add config option to disable ELF NOTE segments (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Add simple Octeon IPI infrastructure (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Quit using all the mailbox bits. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Handle userspace access to CVMSEG (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add driver for OCTEON PCI console. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Make PCIe work with Little Endian kernel. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Rearrange CVMSEG slots. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add ability to used an initrd from a named memory block. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Change load address to waste less memory. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add parameter to disable PCI on command line. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Print address of passed device tree. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Introduce xkphys_read, xkphys_write sysmips(2) calls (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add sysfs support for CPU power throttling. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add PTP clocksource. (David Daney) [Orabug: 34483890] \n- MIPS: msi-octeon: Add MSI-X support for OCTEON III. (Lukasz Majczak) [Orabug: 34483890] \n- MIPS: OCTEON: Add support for SRIO interrupt sources. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add utility helper function octeon_read_ptp_csr() (David Daney) [Orabug: 34483890] \n- gpio: gpio-octeon: Add cn78XX support. (David Daney) [Orabug: 34483890] \n- MIPS: Add Octeon2 optimizations to clear_page. (David Daney) [Orabug: 34483890] \n- MIPS: Add ZCB and ZCBT instructions to uasm. (David Daney) [Orabug: 34483890] \n- MIPS: Use Octeon2 atomic instructions when cpu_has_octeon2_isa. (David Daney) [Orabug: 34483890] \n- MIPS: OCTEON: Add OCTEON II build and configuration option (David Daney) [Orabug: 34483890] \n- MIPS: Octeon: Fast access to the thread pointer (David Daney) [Orabug: 34483890]\n[5.4.17-2136.311.3]\n- arm64: pensando: Kernel PCIe manager for Pensando SmartNIC (Rob Gardner) [Orabug: 33480595] \n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358323] \n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34405736] \n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34405736] \n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34405736] \n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34405736] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477073] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480732] \n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34480732]\n[5.4.17-2136.311.2]\n- s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) \n- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) \n- LTS tag: v5.4.206 (Sherry Yang) \n- Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) \n- LTS tag: v5.4.205 (Sherry Yang) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) \n- misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) \n- misc: rtsx_usb: use separate command and response buffers (Shuah Khan) \n- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) \n- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- selftests: forwarding: fix error message in learning_test (Vladimir Oltean) \n- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) \n- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) \n- ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) \n- pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) \n- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) \n- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) \n- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Prevent that screen size is smaller than font size (Helge Deller) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) \n- fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- LTS tag: v5.4.204 (Sherry Yang) \n- clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) \n- xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) \n- xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) \n- xen/netfront: fix leaking data in shared pages (Roger Pau Monne) \n- xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) \n- selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) \n- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) \n- selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) \n- selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) \n- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) \n- selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) \n- selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) \n- selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) \n- selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) \n- selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) \n- selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) \n- rseq/selftests,x86_64: Add rseq_offset_deref_addv() (Peter Oskolkov) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- net: dsa: bcm_sf2: force pause link settings (Doug Berger) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: tun: avoid disabling NAPI twice (Jakub Kicinski) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) \n- PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: tun: stop NAPI when detaching queues (Jakub Kicinski) \n- net: tun: unlink NAPI from device on destruction (Jakub Kicinski) \n- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) \n- virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) \n- powerpc/prom_init: Fix kernel config grep (Liam Howlett) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) \n- LTS tag: v5.4.203 (Sherry Yang) \n- crypto: arm/ghash-ce - define fpu before fpu registers are referenced (Stefan Agner) \n- crypto: arm - use Kconfig based compiler checks for crypto opcodes (Ard Biesheuvel) \n- ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler (Jian Cai) \n- ARM: OMAP2+: drop unnecessary adrl (Stefan Agner) \n- ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand (Stefan Agner) \n- ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) \n- crypto: arm/sha512-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- crypto: arm/sha256-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- ARM: 8971/1: replace the sole use of a symbol with its definition (Jian Cai) \n- ARM: 8990/1: use VFP assembler mnemonics in register load/store macros (Stefan Agner) \n- ARM: 8989/1: use .fpu assembler directives instead of assembler arguments (Stefan Agner) \n- net: mscc: ocelot: allow unregistered IP multicast flooding (Vladimir Oltean) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- LTS tag: v5.4.202 (Sherry Yang) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- Revert 'net/tls: fix tls_sk_proto_close executed repeatedly' (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-22T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2022-09-22T00:00:00", "id": "ELSA-2022-9828", "href": "http://linux.oracle.com/errata/ELSA-2022-9828.html", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-21T20:46:15", "description": "[5.4.17-2136.311.6]\n- Revert 'KVM: x86: Print error code in exception injection tracepoint iff\n valid' (Sherry Yang) [Orabug: 34535896]\n[5.4.17-2136.311.5]\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495567] {CVE-2022-2586}\n[5.4.17-2136.311.4]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34514570] {CVE-2022-21385}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414239]\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419971] {CVE-2022-21546}\n- Revert 'net/rds: Connect TCP backends deterministically' (Gerd Rausch) [Orabug: 34476562]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476941]\n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476941]\n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476941]\n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476941]\n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476941]\n- arm64: mm: Fix case where !CONFIG_NUMA=y (Henry Willard) [Orabug: 34504995]\n- drm: protect drm_master pointers in drm_lease.c (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: serialize drm_file.master with a new spinlock (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- drm: add a locked version of drm_is_current_master (Desmond Cheong Zhi Xi) [Orabug: 34115076] {CVE-2022-1280}\n- i2c: thunderx: missing struct pci_dev definition in mips build (Dave Kleikamp) [Orabug: 34483890]\n- mips: mm: define MADV_DOEXEC and MADV_DONTEXEC (Dave Kleikamp) [Orabug: 34483890]\n- mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 34483890]\n- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 34483890]\n- netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 34483890]\n- mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 34483890]\n- MIPS: Add syscall auditing support (Ralf Baechle) [Orabug: 34483890]\n- net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 34483890]\n- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 34483890]\n- arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 34483890]\n- vdso: prevent ld from aligning PT_LOAD segments to 64k (Rob Gardner) [Orabug: 34483890]\n- MIPS: Octeon: cache info: Delete cavium-octeon/cacheinfo.c (Henry Willard) [Orabug: 34483890]\n- uek-rpm: build embedded kernels for t73 (Dave Kleikamp) [Orabug: 34483890]\n- mips: define pmd_special & pmd_mkspecial (Dave Kleikamp) [Orabug: 34483890]\n- kbuild: linker should be called with KBUILD_LDFLAGS (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: octeon: Suppress early_init_dt_scan_memory damage. (Henry Willard) [Orabug: 34483890]\n- mips: Fails to create /sys/firmware/fdt during bootup (Vijay Kumar) [Orabug: 34483890]\n- MIPS: probe_kernel_read() should not panic (Rob Gardner) [Orabug: 34483890]\n- mips/cavium-octeon: Change access permission for /proc/pcie_reset to write (Vijay Kumar) [Orabug: 34483890]\n- mips64: Build for Octeon and generic boards only (Vijay Kumar) [Orabug: 34483890]\n- mips: define pmd_pfn and pud_pfn (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: OCTEON: silence 'virt' assembler warnings (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: OCTEON: OCTEON III build and configuration option (Dave Kleikamp) [Orabug: 34483890]\n- KSPLICE for MIPS also would like function-sections (Rob Gardner) [Orabug: 34483890]\n- Provide thread_info flags for KSPLICE freezer support (Rob Gardner) [Orabug: 34483890]\n- mips: add user_addr_max() and PROT_RESERVED (Dave Kleikamp) [Orabug: 34483890]\n- mips: add clear_page_uncached() (Dave Kleikamp) [Orabug: 34483890]\n- net: octeon-ethernet: Fix to reset the device stats in init (Anushka Singh) [Orabug: 34483890]\n- net: phy: Kconfig: fix double definition of ICPLUS_PHY PHYs (Ivan Khoronzhuk) [Orabug: 34483890]\n- drivers: of_mdio.c : fix of_mdiobus_register_phy return code (Serhii Tyshchenko) [Orabug: 34483890]\n- mips/pci/pci-legacy.c: fix for mixed declarations and code (Serhii Tyshchenko) [Orabug: 34483890]\n- mips: octeon: remove unused pcie_17400_set_affinity (Serhii Tyshchenko) [Orabug: 34483890]\n- asm/octeon/cvmx-lmcx-defs.h: fix for platform selection build warnings (Serhii Tyshchenko) [Orabug: 34483890]\n- fix for cvmx-ila build issue (santhosh D) [Orabug: 34483890]\n- fix for cvmx-helper-rgmii build issue (santhosh D) [Orabug: 34483890]\n- fix for cvmx-l2c build issue (santhosh D) [Orabug: 34483890]\n- MIPS: reserve the memblock right after the kernel (Alex Sverdlin) [Orabug: 34483890]\n- MIPS: Octeon: Update mach_bootmem_init for NUMA support to enable CONFIG_NUMA (Anushka Singh) [Orabug: 34483890]\n- Octeon: net: ethernet: Port from 4.14 to 5.4 octeon-2 ethernet driver changes (Anushka Singh) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for pci hot plugged endpoints (Carlos Munoz) [Orabug: 34483890]\n- arch: mips: cavium-octeon: cvmx-pcie: fix config read 32 (Ivan Khoronzhuk) [Orabug: 34483890]\n- MIPS: ftrace: fix init functions tracing (Ivan Khoronzhuk) [Orabug: 34483890]\n- net: octeon: mgmt: Repair filling of RX ring (Alex Sverdlin) [Orabug: 34483890]\n- Octeon: net: octeon_mgmt: Add MTU size (Anushka Singh) [Orabug: 34483890]\n- Octeon: net: octeon_mgmt: Add phy_start and phy_stop (Anushka Singh) [Orabug: 34483890]\n- Octeon: Add working CISCO kernel config for Octeon (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: MIPS: Update default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890]\n- Octeon: net: octeon3-ethernet: Port 4.14 to 5.4 octeon3-ethernet driver (Anushka Singh) [Orabug: 34483890]\n- Octeon: octeon3_ethernet: Port 4.14 to 5.4 fixes incompatible-pointer-types (Anushka Singh) [Orabug: 34483890]\n- Octeon: Fix build error in cvmx-qlm.c (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: add some missing fall through annotations (Anushka Singh) [Orabug: 34483890]\n- OCTEON: octeon_edac-lmc : Temp drop use of VLA (Anushka Singh) [Orabug: 34483890]\n- Octeon: Port 4.14 to 5.4 fixes in PCI/MSI (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: Add updated default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890]\n- Octeon: Octeon3 Ethernet driver port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- Octeon: (Temporary) Port 4.14 to 5.4 workaround for VLA in cvmx-dma-engine.c (Anushka Singh) [Orabug: 34483890]\n- net: phy: Port 4.14 to 5.4 fixes in Qualcomm/Atheros qca8334/8337 PHYs (Anushka Singh) [Orabug: 34483890]\n- MIPS: Port 4.14 to 5.4 temporary patch for mach_bootmem_init (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: Port 4.14 to 5.4 fixes for VLA (Anushka Singh) [Orabug: 34483890]\n- net: phy: Port 4.14 to 5.4 fixes in TI tlk10232 and Marvell 88X3120 dual-10G PHY drivers (Anushka Singh) [Orabug: 34483890]\n- MIPS: net: phy: Port 4.14 to 5.4 fixes in bcm87xx phy driver (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: gpio: Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: Setup file Port 4.14 to 5.4 fixes (Anushka Singh) [Orabug: 34483890]\n- MIPS: octeon-irq: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- MIPS: Add default config for kernel v5.4.30 (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon PCI Console: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- MIPS: OCTEON: Port 4.14 to 5.4 fixes for e->base (Anushka Singh) [Orabug: 34483890]\n- MIPS: OCTEON: octeon-usb: Port 4.14 to 5.4 fixes. (Anushka Singh) [Orabug: 34483890]\n- MIPS: Port 4.14 to 5.4 fixes for access_ok(). (Anushka Singh) [Orabug: 34483890]\n- MIPS: Port 4.14 to 5.4 compile-time error resolution for atomic.h functions. (Anushka Singh) [Orabug: 34483890]\n- MIPS: Octeon: kexec (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: Octeon: Take all memory into use by default. (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: octeon: shared_cpu_map cacheinfo (Lukasz Majczak) [Orabug: 34483890]\n- netdev: octeon-ethernet: Register devices in the ptp class. (Lukasz Majczak) [Orabug: 34483890]\n- mtd: spi-nor: Add Micron (MT25Q*) SPI flash devices. (Lukasz Majczak) [Orabug: 34483890]\n- netdev: octeon-ethernet: Add packet hardware timestamp support. (Carlos Munoz) [Orabug: 34483890]\n- Add default kernel config for Octeon3 (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: Octeon: Fix node calculation (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: Sync-up SE to r173908 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Octeon: Read BGXX_SPUX_FEC_CONTROL before using it. (Chandrakala Chavva) [Orabug: 34483890]\n- net: octeon: Fix ndo_get_stats64 return value. (Chandrakala Chavva) [Orabug: 34483890]\n- Fix build issues (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: Octeon: Fix setting MTU (Lukasz Majczak) [Orabug: 34483890]\n- Revert 'MIPS: kexec: remove SMP_DUMP' (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: HOTPLUG_CPU changes. (Lukasz Majczak) [Orabug: 34483890]\n- net: phy: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890]\n- Octeon: MTD: NAND: Port 4.9 to 4.14 fixes (Lukasz Majczak) [Orabug: 34483890]\n- EDAC:Octeon: Fix LMC CSRs access on OcteonII (Chandrakala Chavva) [Orabug: 34483890]\n- EDAC:Octeon: undeclared variable when CONFIG_EDAC_DEBUG=y (Peter Swain) [Orabug: 34483890]\n- net: octeon: NAPI waits once for next packet (Peter Swain) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files (r172329) (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files (r172318). (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files (r172313) (Chandrakala Chavva) [Orabug: 34483890]\n- edac:octeon: Check if device is present before removing. (Chandrakala Chavva) [Orabug: 34483890]\n- EDAC:Octeon: Fixed EDAC support for OcteonII and OcteonIII. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/EDAC: Call edac handle for bigrd/bigwd cases. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Octeon: Sync-up SE files (-r172055) (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Backports some bit extract functions from SDK. (Chandrakala Chavva) [Orabug: 34483890]\n- netdev: octeon-ethernet: Fix MTU settings for AGL interface. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Added disable_sbe module parameter (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Call panic when co-processor DBE error happens. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Sync-up CIU3 Error data files. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/octeon: Add /proc/pcie_reset file. (Peter Swain) [Orabug: 34483890]\n- net: xfrm: Added ipsec kame offload support. (Chandrakala Chavva) [Orabug: 34483890]\n- of_mdio: Add 'cortina,cs4318' to the whitelist. (Steven J. Hill) [Orabug: 34483890]\n- ATA: Disable soft reset for ASM1092 sata port multiplier (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS:Octeon: Sync-up SE files to 170716. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: pcie-octeon: reset PCIe on reboot (Peter Swain) [Orabug: 34483890]\n- octeon3: ethernet: driver: Added vlan header size to max mtu. (Abhijit Ayarekar) [Orabug: 34483890]\n- net: octeon: Add IFF_LIVE_ADDR_CHANGE to change mac address live. (Chandrakala Chavva) [Orabug: 34483890]\n- Octeon: MTD: NAND: Do not call is_vmalloc_or_module_addr() (Aaron Williams) [Orabug: 34483890]\n- Cavium: MTD: NAND Ported 3.10 NAND driver to 4.9 (Aaron Williams) [Orabug: 34483890]\n- octeon: mtd: nand: Merged in latest changes from Octeon SDK (Aaron Williams) [Orabug: 34483890]\n- rtc: isl12026: Select CONFIG_NVMEM to ensure it builds. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Sync-up SE files to -r170052 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/tlbex: Save and restore ASID around TLBR (David Daney) [Orabug: 34483890]\n- rtc: isl12026: Fix build failure when CONFIG_NVMEM not enabled. (David Daney) [Orabug: 34483890]\n- rtc: isl12026: Add driver. (David Daney) [Orabug: 34483890]\n- i2c: octeon: Emit stop condition if bootloader didn't end last transaction. (David Daney) [Orabug: 34483890]\n- MIPS/PCI/OCTEON: Map irqs after PCI bus rescan. (David Daney) [Orabug: 34483890]\n- EDAC: octeon_edac-lmc: Fix module removal when ECC unsupported. (Steven J. Hill) [Orabug: 34483890]\n- netdev: octeon-ethernet: Check packet backlog periodically to wake up other cpus if needed. (Carlos Munoz) [Orabug: 34483890]\n- Set SDK_VERSION to 5.1.0. (Chandrakala Chavva) [Orabug: 34483890]\n- mtd: nand: octeon: Add NAND flash driver. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon-ethernet: use IFF_NO_QUEUE (Peter Swain) [Orabug: 34483890]\n- MIPS: Pass -fno-asynchronous-unwind-tables to compiler. (David Daney) [Orabug: 34483890]\n- MIPS: Add ELF_CORE_COPY_REGS definition. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Correctly calculate totalram_pages (David Daney) [Orabug: 34483890]\n- netdev: octeon-pow: Add napi support. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Restore 512MB default memory size. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Always try to allocate 1024 MB of 32-bit memory. (David Daney) [Orabug: 34483890]\n- MIPS: pcie-octeon: Use level semantics for int-A interrupts. (David Daney) [Orabug: 34483890]\n- MIPS, pci: Expose Cavium OCTEON PCIe bridges to the PCIe core (David Daney) [Orabug: 34483890]\n- netdev: octeon3-ethernet: Enable srio port and remove srio header on ingress packets. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Set DIDTO to approx. 250mS. (David Daney) [Orabug: 34483890]\n- MIPS,ftrace: Fix dynamic ftrace patching of MAPPED_KERNEL modules. (David Daney) [Orabug: 34483890]\n- MIPS: oct_ilm: Add OCTEON III support. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Don't translate underlying GPIO irq bits. (Corey Minyard) [Orabug: 34483890]\n- gpio: gpio-octeon: Fix to_irq() support. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Initialize the mport structure correctly. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: Move VMALLOC_START to avoid OCTEON III Core-31034 (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Don't allow interrupts or scheduling from CacheErr handler. (David Daney) [Orabug: 34483890]\n- netdev: octeon-pow: Save aura before freeing the wqe. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Platform support for OCTEON III USB controller (Steven J. Hill) [Orabug: 34483890]\n- MIPS: OCTEON: Change SDK release string to 5.1.0-prerelease (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Always try to allocate 512 MB of 32-bit memory. (David Daney) [Orabug: 34483890]\n- netdev, octeon3-ethernet: Don't bloat RX buffer pool. (David Daney) [Orabug: 34483890]\n- watchdog: octeon-wdt: Implement G-30204 workaround. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add missing CONFIG_KEXEC support. (David Daney) [Orabug: 34483890]\n- staging: octeon: Call SET_NETDEV_DEV() (Florian Fainelli) [Orabug: 34483890]\n- mmc: cavium: Fix broken sign extensions in block write code. (David Daney) [Orabug: 34483890]\n- mmc: core: Export API to allow hosts to get the card address (Ulf Hansson) [Orabug: 34483890]\n- MAINTAINERS: Add entry for Cavium MMC driver (Jan Glauber) [Orabug: 34483890]\n- mips/gpio: Fix OCTEON GPIO interrupt support. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Sync up SE files as of r154518. (Carlos Munoz) [Orabug: 34483890]\n- mips: edac: octeon: Use preemptive safe methods. (Carlos Munoz) [Orabug: 34483890]\n- net: phy: Force the link state to be checked during initialization. (Carlos Munoz) [Orabug: 34483890]\n- crypto: octeon: Use proper function to check for features. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon3-ethernet: Disable transmit queues. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon-ethernet: Handle when octeon_hw_status_add_source() fails. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Fix build breakage when CONFIG_SMP disabled (David Daney) [Orabug: 34483890]\n- ata: Use WARN instead of BUG in pata_octeon_cf. (David Daney) [Orabug: 34483890]\n- netdev/phy: Initial support for Vitesse vsc8490 phy. (Carlos Munoz) [Orabug: 34483890]\n- netdev: Add driver for Marvell 88X3120 dual 10GBase-T Ethernet phy (David Daney) [Orabug: 34483890]\n- phy/marvell: Add did_interrupt() method for Marvell 88E1240 (David Daney) [Orabug: 34483890]\n- net: phy: add qca833x phy-headed-switch (Peter Swain) [Orabug: 34483890]\n- netdev/phy: Add driver for TI tlk10232 dual-10G PHY. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Enable Micrel 9031 PHY for OCTEON. (Chandrakala Chavva) [Orabug: 34483890]\n- netdev/phy/of: Handle nexus Ethernet PHY devices (Aaron Williams) [Orabug: 34483890]\n- netdev/phy: Add driver for Cortina cs4321 quad 10G PHY. (David Daney) [Orabug: 34483890]\n- perf: context-sensitive keywords: for uncore_foo/miss/ (Peter Swain) [Orabug: 34483890]\n- MIPS: Fix arch in assembly for saa instruction. (Andrew Pinski) [Orabug: 34483890]\n- MIPS: OCTEON: Fix simulator compile error. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Use IRQF_NO_THREAD when chaining MSIs (David Daney) [Orabug: 34483890]\n- OCTEON: OCLA driver to support blocking IO. (Carlos Munoz) [Orabug: 34483890]\n- RapidIO: Driver for CN6XXX (Chad Reese) [Orabug: 34483890]\n- RapidIO: Add interface to memory map rapidio device memory. (Chad Reese) [Orabug: 34483890]\n- MIPS: OCTEON: Add driver Serial Rapid I/O (sRIO) hardware. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon_mgmt: Update with latest changes. (David Daney) [Orabug: 34483890]\n- Revert 'net: octeon: mgmt: Repair filling of RX ring' (Dave Kleikamp) [Orabug: 34483890]\n- Revert 'net: ethernet: cavium: octeon_mgmt: use phy_start and phy_stop' (Dave Kleikamp) [Orabug: 34483890]\n- netdev: octeon3-ethernet: Driver for octeon III SOCs. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Create fpa3 standalone driver. (Carlos Munoz) [Orabug: 34483890]\n- netdev: octeon: Move and update octeon network driver from staging. (Carlos Munoz) [Orabug: 34483890]\n- Revert 'staging/octeon: fix up merge error' (Dave Kleikamp) [Orabug: 34483890]\n- Revert 'staging: octeon: repair 'fixed-link' support' (Dave Kleikamp) [Orabug: 34483890]\n- Revert 'staging: octeon: Drop on uncorrectable alignment or FCS error' (Dave Kleikamp) [Orabug: 34483890]\n- MIPS: Add core-16419 errata workaround (Andrew Pinski) [Orabug: 34483890]\n- mips: octeon: add TDM feature & IRQ (Peter Swain) [Orabug: 34483890]\n- MIPS: traps: call crash_kexec() before panic() when dying (Taras Kondratiuk) [Orabug: 34483890]\n- MIPS:OCTEON: Increase the load address (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Add syscall to add timer events. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: kexec: Set memory limits to HIGHMEM_START. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix Cache error detection for OCTEON III. (David Daney) [Orabug: 34483890]\n- watchdog: octeon-wdt: Fix timer rate for all OCTEON III parts. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Update octeon-error-injector for OCTEON III. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix saving of CVMSEG per-task state. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Handle MSI on multiple nodes. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Increase NR_IRQS for CONFIG_NUMA. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add csrc-fpa-clk. (David Daney) [Orabug: 34483890]\n- watchdog: octeon-wdt: Fix to work on multi-node systems. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix Automatic provisioning CVMSEG space. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Disable error tree handling on shutdown (Corey Minyard) [Orabug: 34483890]\n- MIPS: OCTEON: Fix IPI mechanism used by KEXEC. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Try to allocate at least 256MB of DMA32 memory. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add NUMA support for cn78XX (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Print warning message if OCTEON II kernel run on earlier chips. (David Daney) [Orabug: 34483890]\n- MIPS: Make setting of MAX_PHYSMEM_BITS settable per sub-architecture. (David Daney) [Orabug: 34483890]\n- MIPS: Make XPHYSADDR() work for all addresses. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: cpu_state not just for _HOTPLUG (Peter Swain) [Orabug: 34483890]\n- MIPS: OCTEON: Add sysfs hooks to add and remove CPUs. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Revise memory allocation from bootloader (Leonid Rosenboim) [Orabug: 34483890]\n- MIPS: OCTEON: Automatically provision CVMSEG space. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Get first 256MB from 32-bit addresable memory (Leonid Rosenboim) [Orabug: 34483890]\n- MIPS/OCTEON: Add multiple msi support. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Inhibit CP0_Compare interrupts when not needed. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add preliminary GPIO interrupt support for cn78XX. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Reorganize PCIe controller code. (Venkat Subbiah) [Orabug: 34483890]\n- MIPS: OCTEON: MSI-X interrupts for cn78XX. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS/OCTEON: CIU/CIU2 use random msi irqs. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: OCTEON: Add initial error bit detection for cn78XX. (David Daney) [Orabug: 34483890]\n- MIPS: Fix demand activation of OCTEON CVMSEG region. (David Daney) [Orabug: 34483890]\n- MIPS:OCTEON: Enable access to CVMSEG for user space (Chandrakala Chavva) [Orabug: 34483890]\n- watchdog: Octeon: Add 78xx support. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: oct_ilm: Fix debugfs file permissions. (David Daney) [Orabug: 34483890]\n- MIPS: KDUMP: Fix to access non-sectioned memory (Prem Mallappa) [Orabug: 34483890]\n- MIPS: OCTEON: Fix plat_swiotlb_setup() for OCTEON3 (David Daney) [Orabug: 34483890]\n- MIPS: Handle CPU_CAVIUM_OCTEON3 like CPU_CAVIUM_OCTEON2 in clear_page. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Allow CONFIG_CAVIUM_CN63XXP1 to be disabled. (David Daney) [Orabug: 34483890]\n- MIPS/EDAC: Use correct fields for printing error message for O3 model (Chandrakala Chavva) [Orabug: 34483890]\n- edac/octeon_edac-lmc: Fix kernel panic when 1 DDR present (Prem Mallappa) [Orabug: 34483890]\n- MIPS/EDAC: Cavium: Updated L2C error checking for OCTEON3. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Only flush local ICache in get_new_asid(). (David Daney) [Orabug: 34483890]\n- MIPS: Add new function local_flush_icache_all() (David Daney) [Orabug: 34483890]\n- MIPS: Handle indexed load instructions in emulate_load_store_insn(). (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Increase the number of irqs for !PCI case (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Restore printing of L2 Cache information. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add /sys/devices/system/cpu/cpuX/cache (Venkat Subbiah) [Orabug: 34483890]\n- MIPS perf: Rework the mipspmu notifiers. (David Daney) [Orabug: 34483890]\n- MIPS perf: OCTEON: Handle PMU pmu_enable/pmu_diable notifications. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Sync up HOTPLUG_CPU changes. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Per process XKPHYS (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: move arch/mips/cavium-octeon/cpu.c to arch/mips/kernel/ (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Set the extended bits of DIDTTO too. (David Daney) [Orabug: 34483890]\n- MIPS: Add support for OCTEON III perf events. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Keep reset value for COP0_ERRCTL (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Enable tlb parity error for O3 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Use correct L2C CSR for cache locking. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Move L2 Cache probing code to setup.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Move xkphys_usermem_{read,write} to octeon-cpu.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix L1 dacache parity for OCTEON3 (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Use current_cpu_type() for CPU model check. (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: Octeon: Initialize proper CVMX_SSO_NW_TIM register. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Merge and cleanup. (Leonid Rosenboim) [Orabug: 34483890]\n- MIPS: OCTEON: Save/Restore wider multiply registers in OCTEON III CPUs (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for CONFIG_CAVIUM_GDB (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add Cavium OCTEON serial driver. (Carlos Munoz) [Orabug: 34483890]\n- MIPS: Octeon: Rearrange L2 cache locking code (David Daney) [Orabug: 34483890]\n- MIPS/OCTEON: Initialize QLM JTAG. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Import new S.E. and adjust things to match. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add /proc/octeon_perf support. (David Daney) [Orabug: 34483890]\n- MIPS: Allow sub-architecture 'machines' to override bootmem initialization. (David Daney) [Orabug: 34483890]\n- MIPS: Fix warning spew on CONFIG_PREEMPT_DEBUG and ptrace watch register use. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Fix compile/run time errors from synced cvmx files. (Carlos Munoz) [Orabug: 34483890]\n- Sync-up SE files (latest) (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: octeon-lmc bug fixes (Chandrakala Chavva) [Orabug: 34483890]\n- MIPS: OCTEON: Add module to inject hardware error conditions. (David Daney) [Orabug: 34483890]\n- MIPS: Add accessor functions for OCTEON ERRCTL CP0 register. (David Daney) [Orabug: 34483890]\n- MIPS/OCTEON: Add OCTEON II TLB parity error handling (David Daney) [Orabug: 34483890]\n- MIPS: Add board_mcheck_handler, show process state on machine check exception. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Cleanup obsolete CrashKernel memory init in octeon/setup.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for running kernel in mapped address space. (David Daney) [Orabug: 34483890]\n- MIPS/edac/OCTEON: Hook up Write Buffer parity errors to EDAC. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add /proc/octeon_info support. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Define cpu_has_local_ebase to 0. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Use virt_to_phys() and phys_to_virt() in octeon/setup.c (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add framework for managing and reporting hardware status bit assertions. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Populate kernel memory from cvmx_bootmem named blocks. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Disable probing MDIO for Landbird NIC 10g cards. (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add config option to disable ELF NOTE segments (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Add simple Octeon IPI infrastructure (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Quit using all the mailbox bits. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Handle userspace access to CVMSEG (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add driver for OCTEON PCI console. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Make PCIe work with Little Endian kernel. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Rearrange CVMSEG slots. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add ability to used an initrd from a named memory block. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Change load address to waste less memory. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add parameter to disable PCI on command line. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Print address of passed device tree. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Introduce xkphys_read, xkphys_write sysmips(2) calls (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add sysfs support for CPU power throttling. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add PTP clocksource. (David Daney) [Orabug: 34483890]\n- MIPS: msi-octeon: Add MSI-X support for OCTEON III. (Lukasz Majczak) [Orabug: 34483890]\n- MIPS: OCTEON: Add support for SRIO interrupt sources. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add utility helper function octeon_read_ptp_csr() (David Daney) [Orabug: 34483890]\n- gpio: gpio-octeon: Add cn78XX support. (David Daney) [Orabug: 34483890]\n- MIPS: Add Octeon2 optimizations to clear_page. (David Daney) [Orabug: 34483890]\n- MIPS: Add ZCB and ZCBT instructions to uasm. (David Daney) [Orabug: 34483890]\n- MIPS: Use Octeon2 atomic instructions when cpu_has_octeon2_isa. (David Daney) [Orabug: 34483890]\n- MIPS: OCTEON: Add OCTEON II build and configuration option (David Daney) [Orabug: 34483890]\n- MIPS: Octeon: Fast access to the thread pointer (David Daney) [Orabug: 34483890]\n[5.4.17-2136.311.3]\n- arm64: pensando: Kernel PCIe manager for Pensando SmartNIC (Rob Gardner) [Orabug: 33480595]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358323]\n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34405736]\n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34405736]\n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34405736]\n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34405736]\n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477073]\n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480732]\n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34480732]\n[5.4.17-2136.311.2]\n- s390/archrandom: prevent CPACF trng invocations in interrupt context (Harald Freudenberger) \n- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) \n- LTS tag: v5.4.206 (Sherry Yang) \n- Revert 'mtd: rawnand: gpmi: Fix setting busy timeout setting' (Greg Kroah-Hartman) \n- LTS tag: v5.4.205 (Sherry Yang) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- dmaengine: pl330: Fix lockdep warning about non-static key (Dmitry Osipenko) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- dt-bindings: dma: allwinner,sun50i-a64-dma: Fix min/max typo (Samuel Holland) \n- misc: rtsx_usb: set return value in rsp_buf alloc err path (Shuah Khan) \n- misc: rtsx_usb: use separate command and response buffers (Shuah Khan) \n- misc: rtsx_usb: fix use of dma mapped buffer for usb bulk transfer (Shuah Khan) \n- dmaengine: imx-sdma: Allow imx8m for imx7 FW revs (Peter Robinson) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- selftests: forwarding: fix error message in learning_test (Vladimir Oltean) \n- selftests: forwarding: fix learning_test when h1 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- selftests: forwarding: fix flood_unicast_test when h2 supports IFF_UNICAST_FLT (Vladimir Oltean) \n- ibmvnic: Properly dispose of all skbs during a failover. (Rick Lindsley) \n- ARM: at91: pm: use proper compatibles for sam9x60's rtc and rtt (Claudiu Beznea) \n- ARM: at91: pm: use proper compatible for sama5d2's rtc (Claudiu Beznea) \n- pinctrl: sunxi: sunxi_pconf_set: use correct offset (Andrei Lalaev) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- ARM: meson: Fix refcount leak in meson_smp_prepare_cpus (Miaoqian Lin) \n- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (Jimmy Assarsson) \n- can: kvaser_usb: kvaser_usb_leaf: fix CAN clock frequency regression (Jimmy Assarsson) \n- can: kvaser_usb: replace run-time checks with struct kvaser_usb_driver_info (Jimmy Assarsson) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Prevent that screen size is smaller than font size (Helge Deller) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- fbmem: Check virtual screen sizes in fb_set_var() (Helge Deller) \n- fbdev: fbmem: Fix logo center image dx issue (Guiling Deng) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- can: bcm: use call_rcu() instead of costly synchronize_rcu() (Oliver Hartkopp) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- LTS tag: v5.4.204 (Sherry Yang) \n- clocksource/drivers/ixp4xx: remove EXPORT_SYMBOL_GPL from ixp4xx_timer_setup() (Greg Kroah-Hartman) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}\n- xen/blkfront: force data bouncing when backend is untrusted (Roger Pau Monne) {CVE-2022-33742}\n- xen/netfront: force data bouncing when backend is untrusted (Roger Pau Monne) {CVE-2022-33741}\n- xen/netfront: fix leaking data in shared pages (Roger Pau Monne) {CVE-2022-33740}\n- xen/blkfront: fix leaking data in shared pages (Roger Pau Monne) {CVE-2022-26365}\n- selftests/rseq: Change type of rseq_offset to ptrdiff_t (Mathieu Desnoyers) \n- selftests/rseq: x86-32: use %gs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: x86-64: use %fs segment selector for accessing rseq thread area (Mathieu Desnoyers) \n- selftests/rseq: Fix: work-around asm goto compiler bugs (Mathieu Desnoyers) \n- selftests/rseq: Remove arm/mips asm goto compiler work-around (Mathieu Desnoyers) \n- selftests/rseq: Fix warnings about #if checks of undefined tokens (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 offsets by using long rather than off_t (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32 missing instruction selection 'u' and 'x' for load/store (Mathieu Desnoyers) \n- selftests/rseq: Fix ppc32: wrong rseq_cs 32-bit field pointer on big endian (Mathieu Desnoyers) \n- selftests/rseq: Uplift rseq selftests for compatibility with glibc-2.35 (Mathieu Desnoyers) \n- selftests/rseq: Introduce thread pointer getters (Mathieu Desnoyers) \n- selftests/rseq: Introduce rseq_get_abi() helper (Mathieu Desnoyers) \n- selftests/rseq: Remove volatile from __rseq_abi (Mathieu Desnoyers) \n- selftests/rseq: Remove useless assignment to cpu variable (Mathieu Desnoyers) \n- selftests/rseq: introduce own copy of rseq uapi header (Mathieu Desnoyers) \n- selftests/rseq: remove ARRAY_SIZE define from individual tests (Shuah Khan) \n- rseq/selftests,x86_64: Add rseq_offset_deref_addv() (Peter Oskolkov) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- net: dsa: bcm_sf2: force pause link settings (Doug Berger) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: tun: avoid disabling NAPI twice (Jakub Kicinski) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- net/sched: act_api: Notify user space if any actions were flushed before error (Victor Nogueira) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- s390: remove unneeded 'select BUILD_BIN2C' (Masahiro Yamada) \n- PM / devfreq: exynos-ppmu: Fix refcount leak in of_get_devfreq_events (Miaoqian Lin) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- linux/dim: Fix divide by 0 in RDMA DIM (Tao Liu) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: tun: stop NAPI when detaching queues (Jakub Kicinski) \n- net: tun: unlink NAPI from device on destruction (Jakub Kicinski) \n- selftests/net: pass ipv6_args to udpgso_bench's IPv6 TCP test (Dimitris Michailidis) \n- virtio-net: fix race between ndo_open() and virtio_device_ready() (Jason Wang) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- powerpc/bpf: Fix use of user_pt_regs in uapi (Naveen N. Rao) \n- powerpc/prom_init: Fix kernel config grep (Liam Howlett) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- ipv6: take care of disable_policy when restoring routes (Nicolas Dichtel) \n- LTS tag: v5.4.203 (Sherry Yang) \n- crypto: arm/ghash-ce - define fpu before fpu registers are referenced (Stefan Agner) \n- crypto: arm - use Kconfig based compiler checks for crypto opcodes (Ard Biesheuvel) \n- ARM: 9029/1: Make iwmmxt.S support Clang's integrated assembler (Jian Cai) \n- ARM: OMAP2+: drop unnecessary adrl (Stefan Agner) \n- ARM: 8929/1: use APSR_nzcv instead of r15 as mrc operand (Stefan Agner) \n- ARM: 8933/1: replace Sun/Solaris style flag on section directive (Nick Desaulniers) \n- crypto: arm/sha512-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- crypto: arm/sha256-neon - avoid ADRL pseudo instruction (Ard Biesheuvel) \n- ARM: 8971/1: replace the sole use of a symbol with its definition (Jian Cai) \n- ARM: 8990/1: use VFP assembler mnemonics in register load/store macros (Stefan Agner) \n- ARM: 8989/1: use .fpu assembler directives instead of assembler arguments (Stefan Agner) \n- net: mscc: ocelot: allow unregistered IP multicast flooding (Vladimir Oltean) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- LTS tag: v5.4.202 (Sherry Yang) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- Revert 'net/tls: fix tls_sk_proto_close executed repeatedly' (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) ", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9829", "href": "http://linux.oracle.com/errata/ELSA-2022-9829.html", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2022-09-21T22:44:06", "description": "[5.15.0-2.52.3.el8]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9830", "href": "http://linux.oracle.com/errata/ELSA-2022-9830.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-21T22:44:04", "description": "[5.15.0-2.52.3]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9827", "href": "http://linux.oracle.com/errata/ELSA-2022-9827.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-21T22:32:49", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9731 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9731)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9731.NASL", "href": "https://www.tenable.com/plugins/nessus/164301", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9731.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164301);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9731)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2022-9731 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9731.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.2.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9731');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.516.2.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:32:36", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9726 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9726)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9726.NASL", "href": "https://www.tenable.com/plugins/nessus/164299", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9726.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164299);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9726)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9726 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9726.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.2.el8uek', '5.15.0-1.43.4.2.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9726');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.2.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.2.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.2.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:32:36", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9727 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9727)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9727.NASL", "href": "https://www.tenable.com/plugins/nessus/164300", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9727.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164300);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9727)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9727 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9727.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.310.7.1.el7uek', '5.4.17-2136.310.7.1.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9727');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.310.7.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.310.7.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2136.310.7.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.310.7.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:33:14", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9728 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9728)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9728.NASL", "href": "https://www.tenable.com/plugins/nessus/164296", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9728.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164296);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9728)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9728 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9728.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.2.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9728');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.516.2.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.2.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.516.2.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:33:13", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9729 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9729)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9729.NASL", "href": "https://www.tenable.com/plugins/nessus/164297", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9729.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164297);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9729)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9729 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9729.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.2.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9729');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-1.43.4.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-1.43.4.2.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:32:22", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9730 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9730)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9730.NASL", "href": "https://www.tenable.com/plugins/nessus/164298", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9730.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164298);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-21385\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9730)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9730 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9730.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.310.7.1.el7', '5.4.17-2136.310.7.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9730');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.310.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.310.7.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:33:42", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9787 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9787)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9787.NASL", "href": "https://www.tenable.com/plugins/nessus/165209", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9787.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165209);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2588\", \"CVE-2022-21385\", \"CVE-2022-21546\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9787)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9787 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.517.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9787');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.517.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.517.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-4.14.35'},\n {'reference':'python-perf-4.14.35-2047.517.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:33:30", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9788 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9788)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9788.NASL", "href": "https://www.tenable.com/plugins/nessus/165208", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9788.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165208);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-2588\", \"CVE-2022-21385\", \"CVE-2022-21546\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9788)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2022-9788 advisory.\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9788.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21385\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.517.3.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9788');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.517.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-03-21T22:34:58", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9829 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9829)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9829.NASL", "href": "https://www.tenable.com/plugins/nessus/165297", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9829.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165297);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-1280\",\n \"CVE-2022-2586\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9829)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9829 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9829.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.311.6.el7', '5.4.17-2136.311.6.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9829');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.311.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.311.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.311.6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.311.6.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-03-21T22:34:39", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9828 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9828)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3669", "CVE-2022-1280", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2586"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9828.NASL", "href": "https://www.tenable.com/plugins/nessus/165317", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9828.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165317);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2021-3669\",\n \"CVE-2022-1280\",\n \"CVE-2022-2586\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9828)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9828 advisory.\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large\n shared memory segment counts which could lead to resource exhaustion and DoS. (CVE-2021-3669)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9828.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1280\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.311.6.el7uek', '5.4.17-2136.311.6.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9828');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.311.6.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.311.6.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'perf-5.4.17'},\n {'reference':'python-perf-5.4.17-2136.311.6.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'python-perf-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.311.6.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.311.6.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-03-02T20:16:41", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9827 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9827)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1462", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9827.NASL", "href": "https://www.tenable.com/plugins/nessus/165315", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9827.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165315);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9827)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9827 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user\n creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user\n to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9827.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-2.52.3.el8uek', '5.15.0-2.52.3.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9827');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-2.52.3.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'bpftool-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'bpftool-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-2.52.3.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-2.52.3.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T10:59:40", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9830 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9830)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1462", "CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-32250", "CVE-2022-34918"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9830.NASL", "href": "https://www.tenable.com/plugins/nessus/165296", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9830.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165296);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-21385\",\n \"CVE-2022-21546\",\n \"CVE-2022-34918\"\n );\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9830)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9830 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\n - A use-after-free flaw was found in the Linux kernel's POSIX CPU timers functionality in the way a user\n creates and then deletes the timer in the non-leader thread of the program. This flaw allows a local user\n to crash or potentially escalate their privileges on the system. (CVE-2022-2585) (CVE-2022-2585)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9830.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-34918\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-2.52.3.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9830');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-2.52.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-2.52.3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T06:31:58", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3263-1 advisory.\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3263-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3900", "CVE-2020-36516", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2991", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3263-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165193", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3263-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165193);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2019-3900\",\n \"CVE-2020-36516\",\n \"CVE-2022-2588\",\n \"CVE-2022-2991\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-39188\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3263-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3263-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3263-1 advisory.\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster\n than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the\n vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from\n the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length\n heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary\n code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged\n code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012222.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b887bf85\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-20368\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.174.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.174.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.174.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.174.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.174.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.174.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.174.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-03-10T19:23:38", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3422-1 advisory.\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-29T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3422-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-4203", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2663", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:kernel-devel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-source-rt", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-3422-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165562", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3422-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165562);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2663\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-39188\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3422-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3422-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3422-1 advisory.\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203126\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012397.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91355af3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4203\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-rt-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'dlm-kmp-rt-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'gfs2-kmp-rt-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-devel-rt-4.12.14-10.100.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-base-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt-devel-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-rt_debug-devel-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-source-rt-4.12.14-10.100.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'kernel-syms-rt-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']},\n {'reference':'ocfs2-kmp-rt-4.12.14-10.100.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SUSE-Linux-Enterprise-RT-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:P/I:N/A:P"}}, {"lastseen": "2023-03-14T22:30:06", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3294-1 advisory.\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3294-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3900", "CVE-2020-36516", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2991", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3294-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165232", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3294-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165232);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2019-3900\",\n \"CVE-2020-36516\",\n \"CVE-2022-2588\",\n \"CVE-2022-2991\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-39188\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3294-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3294-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3294-1 advisory.\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster\n than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the\n vhost_net kernel thread, resulting in a DoS scenario. (CVE-2019-3900)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from\n the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length\n heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary\n code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged\n code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1133374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012274.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1cc40e1a\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-3900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36516\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-20368\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/04/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.188.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.188.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.188.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.188.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.188.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.188.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.188.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-03-15T06:33:06", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3282-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3282-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-azure-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel-azure:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source-azure:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3282-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165228", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3282-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165228);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-29581\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3282-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3282-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3282-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203126\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012250.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e679c09\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-base-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-azure-devel-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-azure-4.12.14-16.109.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-azure-4.12.14-16.109.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-azure-4.12.14-16.109.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-azure / kernel-azure-base / kernel-azure-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T02:39:19", "description": "The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3265-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3265-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-29581", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_133-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3265-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165196", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3265-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165196);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-29581\",\n \"CVE-2022-36879\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3265-1\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2022:3265-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3265-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1054914\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1078216\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1093777\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1094120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1107937\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1120716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1141488\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179310\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1181862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1189904\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190397\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202017\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202830\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203126\");\n # https://lists.suse.com/pipermail/sle-updates/2022-September/025152.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c402de3\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_133-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED12 / SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-base-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-devel-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.133.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLED12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-extra-4.12.14-122.133.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-we-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-default-man-4.12.14-122.133.1', 'sp':'5', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-devel-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-macros-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-obs-build-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-source-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'kernel-syms-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5', 'sles-release-12.5']},\n {'reference':'cluster-md-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'dlm-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'gfs2-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'ocfs2-kmp-default-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.5']},\n {'reference':'kernel-default-kgraft-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-122.133.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']},\n {'reference':'kgraft-patch-4_12_14-122_133-default-1-8.3.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T04:32:45", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3291-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-17T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3291-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2663", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-obs-build:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:reiserfs-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-vanilla-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-livepatch:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_101-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3291-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165234", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3291-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165234);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2663\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-39188\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3291-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:3291-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3291-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012271.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?541192dc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4203\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_101-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15', 'SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-devel-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-macros-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-source-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'cluster-md-kmp-default-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'dlm-kmp-default-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'gfs2-kmp-default-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'ocfs2-kmp-default-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15']},\n {'reference':'kernel-default-livepatch-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-livepatch-4_12_14-150000_150_101-default-1-150000.1.3.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']},\n {'reference':'kernel-default-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-base-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-devel-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-default-man-4.12.14-150000.150.101.1', 'sp':'0', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-obs-build-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-syms-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'kernel-vanilla-base-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'reiserfs-kmp-default-4.12.14-150000.150.101.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-03-15T14:26:38", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3274-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3274-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.9, "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-4203", "CVE-2022-20166", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_108-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-3274-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165189", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3274-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165189);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36557\",\n \"CVE-2020-36558\",\n \"CVE-2021-4203\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20166\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3274-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3274-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:3274-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.6.2 between the VT_DISALLOCATE ioctl and closing/opening of\n ttys could lead to a use-after-free. (CVE-2020-36557)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - In various methods of kernel base drivers, there is a possible out of bounds write due to a heap buffer\n overflow. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-182388481References: Upstream kernel (CVE-2022-20166)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200910\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012234.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c588e473\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4203\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2977\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.108.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'dlm-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'gfs2-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'ocfs2-kmp-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-12.4']},\n {'reference':'kernel-default-kgraft-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-kgraft-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kgraft-patch-4_12_14-95_108-default-1-6.3.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']},\n {'reference':'kernel-default-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-base-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-default-man-4.12.14-95.108.1', 'sp':'4', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-devel-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-macros-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-source-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'kernel-syms-4.12.14-95.108.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-03-10T19:23:37", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3408-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of service problem. (CVE-2022-1012)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-27T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3408-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-1012", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2663", "CVE-2022-29581", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-39188"], "modified": "2023-03-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_123-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-3408-1.NASL", "href": "https://www.tenable.com/plugins/nessus/165501", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:3408-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165501);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-4203\",\n \"CVE-2022-1012\",\n \"CVE-2022-2588\",\n \"CVE-2022-2639\",\n \"CVE-2022-2663\",\n \"CVE-2022-2977\",\n \"CVE-2022-3028\",\n \"CVE-2022-20368\",\n \"CVE-2022-20369\",\n \"CVE-2022-21385\",\n \"CVE-2022-26373\",\n \"CVE-2022-29581\",\n \"CVE-2022-36879\",\n \"CVE-2022-39188\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:3408-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:3408-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:3408-1 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A memory leak problem was found in the TCP source port generation algorithm in net/ipv4/tcp.c due to the\n small table perturb size. This flaw may allow an attacker to information leak and may cause a denial of\n service problem. (CVE-2022-1012)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In v4l2_m2m_querybuf of v4l2-mem2mem.c, there is a possible out of bounds write due to improper input\n validation. This could lead to local escalation of privilege with System execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-223375145References: Upstream kernel (CVE-2022-20369)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem)\n when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to\n potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read\n and copying it into a socket. (CVE-2022-3028)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191881\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194535\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199482\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199665\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201420\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201705\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201948\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202335\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202346\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202347\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202396\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202897\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203107\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-September/012386.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3cfce971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4203\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-3028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-39188\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1012\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_123-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3|SUSE15\\.4)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-devel-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-macros-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-source-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1', 'SLE_HPC-ESPOS-release-1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_BCL-release-15.1', 'SLES_SAP-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-syms-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'kernel-default-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-devel-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-macros-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-source-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.123.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-default-man-4.12.14-150100.197.123.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.123.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.123.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.123.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.123.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.123.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.123.1', 'cpu':'s390x', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-debug-base-4.12.14-150100.197.123.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-default-man-4.12.14-150100.197.123.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-kvmsmall-base-4.12.14-150100.197.123.1', 'cpu':'x86_64', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-4.12.14-150100.197.123.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-base-4.12.14-150100.197.123.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-devel-4.12.14-150100.197.123.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-vanilla-livepatch-devel-4.12.14-150100.197.123.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'kernel-zfcpdump-man-4.12.14-150100.197.123.1', 'cpu':'s390x', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},\n {'reference':'cluster-md-kmp-default-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'dlm-kmp-default-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'gfs2-kmp-default-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'ocfs2-kmp-default-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-ha-release-15.1']},\n {'reference':'kernel-default-livepatch-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-livepatch-devel-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-livepatch-4_12_14-150100_197_123-default-1-150100.3.3.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']},\n {'reference':'kernel-default-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-base-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-devel-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-default-man-4.12.14-150100.197.123.1', 'sp':'1', 'cpu':'s390x', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-obs-build-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'kernel-syms-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'reiserfs-kmp-default-4.12.14-150100.197.123.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-05T14:48:25", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). (CVE-2020-27784)\n\n - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. (CVE-2022-0850)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-239842288References: Upstream kernel (CVE-2022-20423)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. (CVE-2022-3061)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2848)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27784", "CVE-2022-0850", "CVE-2022-1462", "CVE-2022-20423", "CVE-2022-21385", "CVE-2022-2663", "CVE-2022-2938", "CVE-2022-2977", "CVE-2022-2991", "CVE-2022-3061", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39188", "CVE-2022-39189", "CVE-2022-40307", "CVE-2022-41850", "CVE-2022-42703"], "modified": "2022-12-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2848.NASL", "href": "https://www.tenable.com/plugins/nessus/168961", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168961);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/21\");\n\n script_cve_id(\n \"CVE-2020-27784\",\n \"CVE-2022-0850\",\n \"CVE-2022-1462\",\n \"CVE-2022-2663\",\n \"CVE-2022-2938\",\n \"CVE-2022-2977\",\n \"CVE-2022-2991\",\n \"CVE-2022-3061\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20423\",\n \"CVE-2022-21385\",\n \"CVE-2022-39188\",\n \"CVE-2022-39189\",\n \"CVE-2022-40307\",\n \"CVE-2022-41850\",\n \"CVE-2022-42703\"\n );\n\n script_name(english:\"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-2848)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl()\n printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had\n been freed by gprinter_free(). (CVE-2020-27784)\n\n - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to\n userspace. (CVE-2022-0850)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This\n could lead to local escalation of privilege if a malicious USB device is attached with no additional\n execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-239842288References: Upstream kernel (CVE-2022-20423)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from\n the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length\n heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary\n code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged\n code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver\n through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by\n zero error. (CVE-2022-3061)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a\n race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2848\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f2300c8b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1462\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-39189\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"kernel-abi-stablelists-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"kernel-tools-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"kernel-tools-libs-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"python3-perf-4.18.0-147.5.2.14.h1050.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-03T17:36:47", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). (CVE-2020-27784)\n\n - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. (CVE-2022-0850)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-239842288References: Upstream kernel (CVE-2022-20423)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after- free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by zero error. (CVE-2022-3061)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress. (CVE-2022-41850)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2023-01-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2023-1168)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-27784", "CVE-2022-0850", "CVE-2022-1462", "CVE-2022-20423", "CVE-2022-21385", "CVE-2022-2663", "CVE-2022-2938", "CVE-2022-2977", "CVE-2022-2991", "CVE-2022-3061", "CVE-2022-3239", "CVE-2022-3303", "CVE-2022-39188", "CVE-2022-39189", "CVE-2022-40307", "CVE-2022-41850", "CVE-2022-42703"], "modified": "2023-01-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-abi-stablelists", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2023-1168.NASL", "href": "https://www.tenable.com/plugins/nessus/169729", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169729);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/10\");\n\n script_cve_id(\n \"CVE-2020-27784\",\n \"CVE-2022-0850\",\n \"CVE-2022-1462\",\n \"CVE-2022-2663\",\n \"CVE-2022-2938\",\n \"CVE-2022-2977\",\n \"CVE-2022-2991\",\n \"CVE-2022-3061\",\n \"CVE-2022-3239\",\n \"CVE-2022-3303\",\n \"CVE-2022-20423\",\n \"CVE-2022-21385\",\n \"CVE-2022-39188\",\n \"CVE-2022-39189\",\n \"CVE-2022-40307\",\n \"CVE-2022-41850\",\n \"CVE-2022-42703\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : kernel (EulerOS-SA-2023-1168)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl()\n printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had\n been freed by gprinter_free(). (CVE-2020-27784)\n\n - A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to\n userspace. (CVE-2022-0850)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This\n could lead to local escalation of privilege if a malicious USB device is attached with no additional\n execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android kernelAndroid ID: A-239842288References: Upstream kernel (CVE-2022-20423)\n\n - A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the\n machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector\n (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (CVE-2022-21385)\n\n - An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and\n incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted\n IRC with nf_conntrack_irc configured. (CVE-2022-2663)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - A flaw was found in the Linux kernel implementation of proxied virtualized TPM devices. On a system where\n virtualized TPM devices are configured (this is not the default) a local attacker can create a use-after-\n free and create a situation where it may be possible to escalate privileges on the system. (CVE-2022-2977)\n\n - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from\n the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length\n heap-based buffer. This vulnerability allows a local attacker to escalate privileges and execute arbitrary\n code in the context of the kernel. The attacker must first obtain the ability to execute high-privileged\n code on the target system to exploit this vulnerability. (CVE-2022-2991)\n\n - Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver\n through ioctl() interface. The driver doesn't check the value of 'pixclock', so it may cause a divide by\n zero error. (CVE-2022-3061)\n\n - A flaw use after free in the Linux kernel video4linux driver was found in the way user triggers\n em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system\n or potentially escalate their privileges on the system. (CVE-2022-3239)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race\n condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale\n TLB entries. This only occurs in situations with VM_PFNMAP VMAs. (CVE-2022-39188)\n\n - An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users\n can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED\n situations. (CVE-2022-39189)\n\n - An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a\n race condition with a resultant use-after-free. (CVE-2022-40307)\n\n - roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition\n and resultant use-after-free in certain situations where a report is received while copying a\n report->value is in progress. (CVE-2022-41850)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1168\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c1bd5668\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1462\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-39189\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"kernel-abi-stablelists-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"kernel-tools-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"kernel-tools-libs-4.18.0-147.5.2.14.h1050.eulerosv2r10\",\n \"python3-perf-4.18.0-147.5.2.14.h1050.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}], "suse": [{"lastseen": "2022-11-10T08:09:23", "description": "An update that solves 15 vulnerabilities and has 12 fixes\n is now available.\n\nDescription:\n\n\n The SUSE Linux Enterprise 15 SP1 LTSS kernel was updated to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2020-36516: Fixed an issue in the mixed IPID assignment method where\n an attacker was able to inject data into or terminate a victim's TCP\n session (bnc#1196616).\n - CVE-2021-4203: Fixed use-after-free read flaw that was found in\n sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (bnc#1194535).\n - CVE-2022-1012: Fixed a memory leak problem that was found in the TCP\n source port generation algorithm in net/ipv4/tcp.c (bnc#1199482).\n - CVE-2022-20368: Fixed slab-out-of-bounds access in packet_recvmsg()\n (bsc#1202346).\n - CVE-2022-20369: Fixed out of bounds write in v4l2_m2m_querybuf of\n v4l2-mem2mem.c (bnc#1202347).\n - CVE-2022-21385: Fixed a flaw in net_rds_alloc_sgs() that allowed\n unprivileged local users to crash the machine (bnc#1202897).\n - CVE-2022-2588: Fixed use-after-free in cls_route (bsc#1202096).\n - CVE-2022-26373: Fixed non-transparent sharing of return predictor\n targets between contexts in some Intel Processors (bnc#1201726).\n - CVE-2022-2639: Fixed an integer coercion error that was found in the\n openvswitch kernel module (bnc#1202154).\n - CVE-2022-2663: Fixed an issue that was found in nf_conntrack_irc where\n the message handling could be confused and incorrectly matches the\n message (bnc#1202097).\n - CVE-2022-29581: Fixed improper update of reference count vulnerability\n in net/sched that allowed a local attacker to cause privilege escalation\n to root (bnc#1199665).\n - CVE-2022-2977: Fixed reference counting for struct tpm_chip\n (bsc#1202672).\n - CVE-2022-3028: Fixed race condition that was found in the IP framework\n for transforming packets (XFRM subsystem) (bnc#1202898).\n - CVE-2022-36879: Fixed an issue in xfrm_expand_policies in\n net/xfrm/xfrm_policy.c where a refcount could be dropped twice\n (bnc#1201948).\n - CVE-2022-39188: Fixed race condition in include/asm-generic/tlb.h where\n a device driver can free a page while it still has stale TLB entries\n (bnc#1203107).\n\n The following non-security bugs were fixed:\n\n - rpm: Fix parsing of rpm/macros.kernel-source on SLE12 (bsc#1201019).\n - cifs: fix error paths in cifs_tree_connect() (bsc#1177440).\n - cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share\n (bsc#1188944).\n - cifs: report error instead of invalid when revalidating a dentry fails\n (bsc#1177440).\n - cifs: skip trailing separators of prefix paths (bsc#1188944).\n - kernel-obs-build: include qemu_fw_cfg (boo#1201705)\n - lightnvm: Remove lightnvm implemenation (bsc#1191881 bsc#1201420\n ZDI-CAN-17325).\n - md/bitmap: do not set sb values if can't pass sanity check (bsc#1197158).\n - mm/rmap.c: do not reuse anon_vma if we just want a copy (git-fixes,\n bsc#1203098).\n - mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse\n (git-fixes, bsc#1203098).\n - net_sched: cls_route: disallow handle of 0 (bsc#1202393).\n - net_sched: cls_route: disallow handle of 0 (bsc#1202393).\n - objtool: Add --backtrace support (bsc#1202396).\n - objtool: Add support for intra-function calls (bsc#1202396).\n - objtool: Allow no-op CFI ops in alternatives (bsc#1202396).\n - objtool: Convert insn type to enum (bsc#1202396).\n - objtool: Do not use ignore flag for fake jumps (bsc#1202396).\n - objtool: Fix !CFI insn_state propagation (bsc#1202396).\n - objtool: Fix ORC vs alternatives (bsc#1202396).\n - objtool: Fix sibling call detection (bsc#1202396).\n - objtool: Make handle_insn_ops() unconditional (bsc#1202396).\n - objtool: Remove INSN_STACK (bsc#1202396).\n - objtool: Remove check preventing branches within alternative\n (bsc#1202396).\n - objtool: Rename elf_open() to prevent conflict with libelf from\n elftoolchain (bsc#1202396).\n - objtool: Rename struct cfi_state (bsc#1202396).\n - objtool: Rework allocating stack_ops on decode (bsc#1202396).\n - objtool: Rewrite alt->skip_orig (bsc#1202396).\n - objtool: Set insn->func for alternatives (bsc#1202396).\n - objtool: Support conditional retpolines (bsc#1202396).\n - objtool: Support multiple stack_op per instruction (bsc#1202396).\n - objtool: Track original function across branches (bsc#1202396).\n - objtool: Uniquely identify alternative instruction groups (bsc#1202396).\n - objtool: Use Elf_Scn typedef instead of assuming struct name\n (bsc#1202396).\n - tcp: add some entropy in __inet_hash_connect() (bsc#1180153 bsc#1202335).\n - tcp: change source port randomizarion at connect() time (bsc#1180153\n bsc#1202335).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this SUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.4:\n\n zypper in -t patch openSUSE-SLE-15.4-2022-3408=1\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-3408=1\n\n - SUSE Linux Enterprise Server for SAP 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3408=1\n\n - SUSE Linux Enterprise Server 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3408=1\n\n - SUSE Linux Enterprise Server 15-SP1-BCL:\n\n zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3408=1\n\n - SUSE Linux Enterprise Module for Live Patching 15-SP1:\n\n zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-3408=1\n\n Please note that this is the initial kernel livepatch without fixes\n itself, this livepatch package is later updated by seperate standalone\n livepatch updates.\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3408=1\n\n - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:\n\n zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3408=1\n\n - SUSE Linux Enterprise High Availability 15-SP1:\n\n zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-3408=1\n\n - SUSE Enterprise Storage 6:\n\n zypper in -t patch SUSE-Storage-6-2022-3408=1\n\n - SUSE CaaS Platform 4.0:\n\n To install this update, use the SUSE CaaS Platform 'skuba' tool. It\n will inform you if it detects new updates and let you then trigger\n updating of the complete cluster in a controlled way.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 8.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-09-27T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-4203", "CVE-2022-1012", "CVE-2022-20368", "CVE-2022-20369", "CVE-2022-21385", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2663", "CVE-2022-29581", "CVE-2022-2977", "CVE-2022-3028", "CVE-2022-36879", "CVE-2022-39188"], "modified": "2022-09-27T00:00:00", "id": "SUSE-SU-2022:3408-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/3DXWZUKFQ3QUANZE2T6LHY4ZSFX3LXZ5/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}

CVE-2022-21385

Description

Affected Software

Related