DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIANCVE:CVE-2015-4004", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2015-4004", "description": "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.", "published": "2015-06-07T23:59:00", "modified": "2015-06-07T23:59:00", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 8.5}, "severity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 7.8, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://security-tracker.debian.org/tracker/CVE-2015-4004", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2015-4004"], "immutableFields": [], "lastseen": "2022-06-23T06:00:12", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978"]}, {"type": "cve", "idList": ["CVE-2015-4004"]}, {"type": "f5", "idList": ["F5:K16881", "SOL16881"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1476.NASL", "EULEROS_SA-2019-2531.NASL", "EULEROS_SA-2021-2588.NASL", "OPENSUSE-2016-124.NASL", "UBUNTU_USN-2989-1.NASL", "UBUNTU_USN-2998-1.NASL", "UBUNTU_USN-3000-1.NASL", "UBUNTU_USN-3001-1.NASL", "UBUNTU_USN-3002-1.NASL", "UBUNTU_USN-3003-1.NASL", "UBUNTU_USN-3004-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842779", "OPENVAS:1361412562310842787", "OPENVAS:1361412562310842788", "OPENVAS:1361412562310842791", "OPENVAS:1361412562310842793", "OPENVAS:1361412562310842796", "OPENVAS:1361412562310842797", "OPENVAS:1361412562310851176", "OPENVAS:1361412562311220191476", "OPENVAS:1361412562311220192531"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0301-1"]}, {"type": "ubuntu", "idList": ["USN-2989-1", "USN-2998-1", "USN-3000-1", "USN-3001-1", "USN-3002-1", "USN-3003-1", "USN-3004-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-4004"]}], "rev": 4}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "cloudfoundry", "idList": ["CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978"]}, {"type": "cve", "idList": ["CVE-2015-4004"]}, {"type": "f5", "idList": ["SOL16881"]}, {"type": "nessus", "idList": ["EULEROS_SA-2019-1476.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310842791"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2016:0301-1"]}, {"type": "ubuntu", "idList": ["USN-3001-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2015-4004"]}]}, "exploitation": null, "vulnersScore": 5.4}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "linux_5.18.5-1_all.deb", "packageVersion": "5.18.5-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "linux_5.10.106-1_all.deb", "packageVersion": "5.10.106-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "linux_4.19.235-1_all.deb", "packageVersion": "4.19.235-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "linux_5.18.5-1_all.deb", "packageVersion": "5.18.5-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "linux_4.9.228-1_all.deb", "packageVersion": "4.9.228-1", "operator": "lt", "status": "resolved", "packageName": "linux"}]}

{"cve": [{"lastseen": "2022-03-23T12:34:10", "description": "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.", "cvss3": {}, "published": "2015-06-07T23:59:00", "type": "cve", "title": "CVE-2015-4004", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004"], "modified": "2016-11-28T19:27:00", "cpe": ["cpe:/o:linux:linux_kernel:4.0.5", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:15.10", "cpe:/o:canonical:ubuntu_linux:12.04"], "id": "CVE-2015-4004", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4004", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe:2.3:o:linux:linux_kernel:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"]}], "ubuntucve": [{"lastseen": "2022-06-28T14:45:21", "description": "The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted\nlength field during packet parsing, which allows remote attackers to obtain\nsensitive information from kernel memory or cause a denial of service\n(out-of-bounds read and system crash) via a crafted packet.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[jdstrand](<https://launchpad.net/~jdstrand>) | android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support \n[apw](<https://launchpad.net/~apw>) | it seems that upstream gave up and ripped this driver out en-toto: commit a73e99cb67e7438e5ab0c524ae63a8a27616c839 Author: Jason A. Donenfeld &lt;Jason@zx2c4.com&gt; Date: Mon Aug 10 17:49:51 2015 +0200 staging: ozwpan: Remove from tree\n", "cvss3": {}, "published": "2015-06-07T00:00:00", "type": "ubuntucve", "title": "CVE-2015-4004", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 8.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4004"], "modified": "2015-06-07T00:00:00", "id": "UB:CVE-2015-4004", "href": "https://ubuntu.com/security/CVE-2015-4004", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}], "f5": [{"lastseen": "2017-10-12T02:11:14", "description": "Description\n\n * [CVE-2015-4001](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4001>) \n \nInteger signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. \n\n * [CVE-2015-4002](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4002>) \n \ndrivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. \n\n * [CVE-2015-4003](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4003>) \n \nThe oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. \n\n * [CVE-2015-4004](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4004>) \n \nThe OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. \n\n\nImpact\n\nThere is no impact; No F5 products are affected by these vulnerabilities.\n\nStatus\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n \n| Not vulnerable | None \nBIG-IP AAM | None | 11.4.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP AFM | None | 11.3.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP Analytics | None | 11.0.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP APM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP ASM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP Edge Gateway \n| None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP GTM | None | 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP Link Controller | None \n| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP PEM | None \n| 11.3.0 - 11.6.0 \n| Not vulnerable | None \nBIG-IP PSM | None | 11.0.0 - 11.4.1 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nBIG-IP WOM | None | 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4 \n| Not vulnerable | None \nARX | None | 6.0.0 - 6.4.0 \n| Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 \n| Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 \n| Not vulnerable | None \nBIG-IQ Cloud | None \n| 4.0.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ Device | None \n| 4.2.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ Security | None \n| 4.0.0 - 4.5.0 \n| Not vulnerable | None \nBIG-IQ ADC | None \n| 4.5.0 \n| Not vulnerable | None \nLineRate | None \n| 2.5.0 - 2.6.0 \n| Not vulnerable | None \nF5 WebSafe | None \n| 1.0.0 \n| Not vulnerable | None \nTraffix SDC | None \n| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 \n| Not vulnerable | None \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\nRecommended Action\n\nNone\n\nSupplemental Information\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n", "cvss3": {}, "published": "2015-07-03T00:46:00", "type": "f5", "title": "OZWPAN driver vulnerabilities CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4004", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4003", "CVE-2015-4002", "CVE-2015-4004", "CVE-2015-4001"], "modified": "2016-01-09T02:22:00", "id": "F5:K16881", "href": "https://support.f5.com/csp/article/K16881", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}, {"lastseen": "2016-03-19T09:02:09", "description": " * [CVE-2015-4001](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4001>) \n \nInteger signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. \n\n * [CVE-2015-4002](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4002>) \n \ndrivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. \n\n * [CVE-2015-4003](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4003>) \n \nThe oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. \n\n * [CVE-2015-4004](<https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4004>) \n \nThe OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. \n\n", "cvss3": {}, "published": "2015-07-02T00:00:00", "type": "f5", "title": "SOL16881 - OZWPAN driver vulnerabilities CVE-2015-4001, CVE-2015-4002, CVE-2015-4003, CVE-2015-4004", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-4003", "CVE-2015-4002", "CVE-2015-4004", "CVE-2015-4001"], "modified": "2015-07-02T00:00:00", "id": "SOL16881", "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16881.html", "cvss": {"score": 9.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}}], "openvas": [{"lastseen": "2019-05-29T18:35:36", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-02T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-2989-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842779", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842779", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-2989-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842779\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-02 05:21:18 +0200 (Thu, 02 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\",\n \t\t\"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\",\n\t\t\"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-2989-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros\n L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O.\n A remote attacker could use this to obtain potentially sensitive information from\n kernel memory. (CVE-2016-2117)\n\n Jason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\n over wifi device drivers in the Linux kernel. A remote attacker could use\n this to cause a denial of service (system crash) or obtain potentially\n sensitive information from kernel memory. (CVE-2015-4004)\n\n Andy Lutomirski discovered a race condition in the Linux kernel's\n translation lookaside buffer (TLB) handling of flush events. A local\n attacker could use this to cause a denial of service or possibly leak\n sensitive information. (CVE-2016-2069)\n\n Ralf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\n device driver did not properly validate endpoint descriptors. An attacker\n with physical access could use this to cause a denial of service (system\n crash). (CVE-2016-2187)\n\n Hector Marco and Ismael Ripoll discovered that the Linux kernel would\n improperly disable Address Space Layout Randomization (ASLR) for x86\n processes running in 32 bit mode if stack-consumption resource limits were\n disabled. A local attacker could use this to make it easier to exploit an\n existing vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\n Andrey Konovalov discovered that the CDC Network Control Model USB driver\n in the Linux kernel did not cancel work events queued if a later error\n occurred, resulting in a use-after-free. An attacker with physical access\n could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\n It was discovered that an out-of-bounds write could occur when handling\n incoming packets in the USB/IP implementation in the Linux kernel. A remote\n attacker could use this to cause a denial of service (system crash) or\n possibly execute arbitrary code. (CVE-2016-3955)\n\n Kangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\n Support implementations in the Linux kernel. A local attacker could use\n this to obtain potentially sensitive information from kernel memory.\n (CVE-2016-4485)\n\n Kangjie Lu discovered an information leak in the routing netlink socket\n interface (rtnetlink) implementation in the Linux kernel. A local attacker\n could use this to obtain potentially sensitive information from kernel\n memory. (CVE-2016-4486)\n\n It was discovered that in some situations the Linux kernel did not handle\n propagated mounts correctly. A local unprivileged attacker could use this\n to cause a denial of service (system crash). (CVE-2016-4581)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2989-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2989-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-generic-lpae\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-lowlatency\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-e500mc\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-emb\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-87-powerpc64-smp\", ver:\"3.13.0-87.133\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2998-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-2069", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842797", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842797", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-trusty USN-2998-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842797\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:28:01 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-trusty USN-2998-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-trusty'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kerne ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-trusty on Ubuntu 12.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"2998-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2998-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU12\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-88-generic-lpae\", ver:\"3.13.0-88.135~precise1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:49", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-3001-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842796", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842796", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-vivid USN-3001-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842796\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:47 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-vivid USN-3001-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-vivid'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\nco ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-vivid on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3001-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3001-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-generic-lpae\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-lowlatency\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-e500mc\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-emb\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.19.0-61-powerpc64-smp\", ver:\"3.19.0-61.69~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:59", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-3002-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842788", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842788", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-wily USN-3002-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842788\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:57 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-wily USN-3002-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-wily'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncou ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-wily on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3002-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3002-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic-lpae\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-lowlatency\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-e500mc\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-smp\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-emb\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-smp\", ver:\"4.2.0-38.45~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3003-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842791", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842791", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux USN-3003-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842791\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:26:24 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3003-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use this t ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3003-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3003-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-generic-lpae\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-lowlatency\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-e500mc\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc-smp\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-emb\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-38-powerpc64-smp\", ver:\"4.2.0-38.45\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:16", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-raspi2 USN-3004-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842787", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842787", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-raspi2 USN-3004-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842787\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:25:42 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-raspi2 USN-3004-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-raspi2'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver\nin the Linux kernel did not cancel work events queued if a later error\noccurred, resulting in a use-after-free. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling\nincoming packets in the USB/IP implementation in the Linux kernel. A remote\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress\nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest\nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2\nSupport implementations in the Linux kernel. A local attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket\ninterface (rtnetlink) implementation in the Linux kernel. A local attacker\ncould use ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-raspi2 on Ubuntu 15.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3004-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3004-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU15\\.10\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU15.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-4.2.0-1031-raspi2\", ver:\"4.2.0-1031.41\", rls:\"UBUNTU15.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-06-11T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-3000-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-4581", "CVE-2016-3689", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3140", "CVE-2016-2117", "CVE-2016-3672"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842793", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842793", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for linux-lts-utopic USN-3000-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842793\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-06-11 05:27:00 +0200 (Sat, 11 Jun 2016)\");\n script_cve_id(\"CVE-2016-2117\", \"CVE-2016-1583\", \"CVE-2015-4004\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux-lts-utopic USN-3000-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-lts-utopic'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux\nkernel incorrectly enables scatter/gather I/O. A remote attacker could use\nthis to obtain potentially sensitive information from kernel memory.\n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap()\nhandler of a lower filesystem that did not implement one, causing a\nrecursive page fault to occur. A local unprivileged attacker could use to\ncause a denial of service (system crash) or possibly execute arbitrary code\nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB\nover wifi device drivers in the Linux kernel. A remote attacker could use\nthis to cause a denial of service (system crash) or obtain potentially\nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An attacker\nwith physical access could use this to cause a denial of service (system\ncrash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nMCT USB RS232 Converter device driver in the Linux kernel did not properly\nvalidate USB device descriptors. An attacker with physical access could use\nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nCypress M8 USB device driver in the Linux kernel did not properly validate\nUSB device descriptors. An attacker with physical access could use this to\ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the\nLinux kernel's USB driver for Digi AccelePort serial converters did not\nproperly validate USB device descriptors. An attacker with physical access\ncould use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits were\ndisabled. A local attacker could use this to make it easier to exploit an\nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger\nControl Unit devices did not properly validate the device's interfaces. An\nattacker with physical access could use this to cause a denial of service\n(system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CD ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"linux-lts-utopic on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"USN\", value:\"3000-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3000-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-generic\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-generic-lpae\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-lowlatency\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc-e500mc\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc-smp\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc64-emb\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.16.0-73-powerpc64-smp\", ver:\"3.16.0-73.95~14.04.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-05T13:57:31", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1476)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8822", "CVE-2017-18193", "CVE-2017-18255", "CVE-2018-14609", "CVE-2015-4003", "CVE-2018-12633", "CVE-2015-8964", "CVE-2015-2877", "CVE-2015-8952", "CVE-2013-4516", "CVE-2017-5550", "CVE-2015-4004", "CVE-2017-8824", "CVE-2014-7283", "CVE-2016-3137", "CVE-2015-3636", "CVE-2016-2061", "CVE-2013-2895", "CVE-2018-1092", "CVE-2017-17806"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191476", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1476\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2895\", \"CVE-2013-4516\", \"CVE-2014-7283\", \"CVE-2015-2877\", \"CVE-2015-3636\", \"CVE-2015-4003\", \"CVE-2015-4004\", \"CVE-2015-8952\", \"CVE-2015-8964\", \"CVE-2016-2061\", \"CVE-2016-3137\", \"CVE-2017-17806\", \"CVE-2017-18193\", \"CVE-2017-18255\", \"CVE-2017-5550\", \"CVE-2017-8824\", \"CVE-2018-1092\", \"CVE-2018-12633\", \"CVE-2018-14609\", \"CVE-2018-8822\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:50:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1476)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1476\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1476\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1476 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges.(CVE-2017-8824)\n\nThe OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.(CVE-2015-4004)\n\nInteger signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.(CVE-2016-2061)\n\nA denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash.(CVE-2014-7283)\n\nIt was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.(CVE-2015-3636)\n\nIncorrect buffer length handling was found in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel, which could be exploited by malicious NCPFS servers to crash the kernel or possibly execute an arbitrary code.(CVE-2018-8822)\n\n** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states 'Basically if you care about this attack vector, disable deduplication.' Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.(CVE-2015-2877)\n\nThe tty_set_termios_ldisc() function in 'drivers/tty/tty_ldisc.c' in the Linux kernel before 4.5 allows lo ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2020-01-27T18:38:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19054", "CVE-2015-3332", "CVE-2017-13216", "CVE-2015-4003", "CVE-2019-0136", "CVE-2019-17666", "CVE-2014-4157", "CVE-2018-7755", "CVE-2015-4002", "CVE-2018-20510", "CVE-2014-4508", "CVE-2015-9289", "CVE-2016-4486", "CVE-2017-8831", "CVE-2019-19062", "CVE-2017-18551", "CVE-2016-2186", "CVE-2016-3857", "CVE-2015-4004", "CVE-2019-18806", "CVE-2019-9506", "CVE-2018-14625", "CVE-2017-15537", "CVE-2019-17075", "CVE-2015-4001", "CVE-2014-7843", "CVE-2019-16746", "CVE-2014-9870", "CVE-2019-18808", "CVE-2017-7482", "CVE-2017-16647", "CVE-2018-9363", "CVE-2014-9888", "CVE-2019-19066", "CVE-2015-7833", "CVE-2015-8955", "CVE-2018-7995", "CVE-2019-16231", "CVE-2019-16232", "CVE-2016-6130", "CVE-2019-3846", "CVE-2014-8133", "CVE-2015-8967", "CVE-2019-19060", "CVE-2012-2372", "CVE-2019-10126", "CVE-2014-9892", "CVE-2017-5897", "CVE-2019-16234", "CVE-2019-17133", "CVE-2019-19061"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192531", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192531", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2531\");\n script_version(\"2020-01-23T13:03:47+0000\");\n script_cve_id(\"CVE-2012-2372\", \"CVE-2014-4157\", \"CVE-2014-4508\", \"CVE-2014-7843\", \"CVE-2014-8133\", \"CVE-2014-9870\", \"CVE-2014-9888\", \"CVE-2014-9892\", \"CVE-2015-3332\", \"CVE-2015-4001\", \"CVE-2015-4002\", \"CVE-2015-4003\", \"CVE-2015-4004\", \"CVE-2015-7833\", \"CVE-2015-8955\", \"CVE-2015-8967\", \"CVE-2015-9289\", \"CVE-2016-2186\", \"CVE-2016-3857\", \"CVE-2016-4486\", \"CVE-2016-6130\", \"CVE-2017-13216\", \"CVE-2017-15537\", \"CVE-2017-16647\", \"CVE-2017-18551\", \"CVE-2017-5897\", \"CVE-2017-7482\", \"CVE-2017-8831\", \"CVE-2018-14625\", \"CVE-2018-20510\", \"CVE-2018-7755\", \"CVE-2018-7995\", \"CVE-2018-9363\", \"CVE-2019-0136\", \"CVE-2019-10126\", \"CVE-2019-16231\", \"CVE-2019-16232\", \"CVE-2019-16234\", \"CVE-2019-16746\", \"CVE-2019-17075\", \"CVE-2019-17133\", \"CVE-2019-17666\", \"CVE-2019-18806\", \"CVE-2019-18808\", \"CVE-2019-19054\", \"CVE-2019-19060\", \"CVE-2019-19061\", \"CVE-2019-19062\", \"CVE-2019-19066\", \"CVE-2019-3846\", \"CVE-2019-9506\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:03:47 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:03:47 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-2531)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2531\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2531\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-2531 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)\n\nThe snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.(CVE-2014-9892)\n\nA memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054)\n\nA memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060)\n\nA memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.(CVE-2019-19061)\n\nA memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\nA memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808)\n\nIn ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-66954097.(CVE-2017-13216)\n\nA certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.5.h328.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-14T18:58:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-02-02T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2016:0301-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9715", "CVE-2015-8551", "CVE-2015-2830", "CVE-2015-4003", "CVE-2015-4692", "CVE-2015-2925", "CVE-2014-9529", "CVE-2015-8215", "CVE-2015-1420", "CVE-2014-9090", "CVE-2015-5364", "CVE-2015-4002", "CVE-2015-2922", "CVE-2015-7550", "CVE-2015-3339", "CVE-2014-2568", "CVE-2014-9728", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-9730", "CVE-2015-4004", "CVE-2015-5366", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-4001", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-7990", "CVE-2015-0777", "CVE-2014-9729", "CVE-2015-3636", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-3212", "CVE-2015-7799", "CVE-2014-9683", "CVE-2015-2150", "CVE-2015-5283", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-4167", "CVE-2015-8569", "CVE-2014-8133", "CVE-2015-2041", "CVE-2014-9419", "CVE-2015-0272", "CVE-2014-9731", "CVE-2015-5707", "CVE-2015-5157", "CVE-2015-7885", "CVE-2015-4036", "CVE-2015-2042", "CVE-2015-6937", "CVE-2015-8104", "CVE-2015-4700", "CVE-2015-2666"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851176", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851176", "sourceData": "# Copyright (C) 2016 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851176\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2016-02-02 06:16:13 +0100 (Tue, 02 Feb 2016)\");\n script_cve_id(\"CVE-2014-2568\", \"CVE-2014-8133\", \"CVE-2014-8989\", \"CVE-2014-9090\",\n \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9683\", \"CVE-2014-9715\",\n \"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\",\n \"CVE-2015-0272\", \"CVE-2015-0777\", \"CVE-2015-1420\", \"CVE-2015-1421\",\n \"CVE-2015-2041\", \"CVE-2015-2042\", \"CVE-2015-2150\", \"CVE-2015-2666\",\n \"CVE-2015-2830\", \"CVE-2015-2922\", \"CVE-2015-2925\", \"CVE-2015-3212\",\n \"CVE-2015-3339\", \"CVE-2015-3636\", \"CVE-2015-4001\", \"CVE-2015-4002\",\n \"CVE-2015-4003\", \"CVE-2015-4004\", \"CVE-2015-4036\", \"CVE-2015-4167\",\n \"CVE-2015-4692\", \"CVE-2015-4700\", \"CVE-2015-5157\", \"CVE-2015-5283\",\n \"CVE-2015-5307\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5707\",\n \"CVE-2015-6937\", \"CVE-2015-7550\", \"CVE-2015-7799\", \"CVE-2015-7833\",\n \"CVE-2015-7872\", \"CVE-2015-7885\", \"CVE-2015-7990\", \"CVE-2015-8104\",\n \"CVE-2015-8215\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\",\n \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\",\n \"CVE-2016-0728\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2016:0301-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE 13.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n\n - CVE-2014-8989: The Linux kernel did not properly restrict dropping\n of supplemental group memberships in certain namespace scenarios, which\n allowed local users to bypass intended file permissions by leveraging a\n POSIX ACL containing an entry for the group category that is more\n restrictive than the entry for the other category, aka a 'negative\n groups' issue, related to kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c (bnc#906545).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandles IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel through 4.2.3 did not ensure that certain slot numbers are\n valid, which allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl\n call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #DB (aka Debug)\n exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #AC (aka Alignment\n Check) exceptions, related to svm.c and vmx. ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"kernel on openSUSE 13.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2016:0301-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.1\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop\", rpm:\"kernel-desktop~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base\", rpm:\"kernel-desktop-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-base-debuginfo\", rpm:\"kernel-desktop-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debuginfo\", rpm:\"kernel-desktop-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-debugsource\", rpm:\"kernel-desktop-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel\", rpm:\"kernel-desktop-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-desktop-devel-debuginfo\", rpm:\"kernel-desktop-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2\", rpm:\"kernel-ec2~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base\", rpm:\"kernel-ec2-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-base-debuginfo\", rpm:\"kernel-ec2-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debuginfo\", rpm:\"kernel-ec2-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-debugsource\", rpm:\"kernel-ec2-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel\", rpm:\"kernel-ec2-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-ec2-devel-debuginfo\", rpm:\"kernel-ec2-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace\", rpm:\"kernel-trace~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base\", rpm:\"kernel-trace-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-base-debuginfo\", rpm:\"kernel-trace-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debuginfo\", rpm:\"kernel-trace-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-debugsource\", rpm:\"kernel-trace-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel\", rpm:\"kernel-trace-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-trace-devel-debuginfo\", rpm:\"kernel-trace-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel-debuginfo\", rpm:\"kernel-vanilla-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen\", rpm:\"kernel-xen~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base\", rpm:\"kernel-xen-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-base-debuginfo\", rpm:\"kernel-xen-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debuginfo\", rpm:\"kernel-xen-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-debugsource\", rpm:\"kernel-xen-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel\", rpm:\"kernel-xen-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-xen-devel-debuginfo\", rpm:\"kernel-xen-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop\", rpm:\"cloop~2.639~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debuginfo\", rpm:\"cloop-debuginfo~2.639~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-debugsource\", rpm:\"cloop-debugsource~2.639~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default\", rpm:\"cloop-kmp-default~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-default-debuginfo\", rpm:\"cloop-kmp-default-debuginfo~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop\", rpm:\"cloop-kmp-desktop~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-desktop-debuginfo\", rpm:\"cloop-kmp-desktop-debuginfo~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen\", rpm:\"cloop-kmp-xen~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-xen-debuginfo\", rpm:\"cloop-kmp-xen-debuginfo~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash\", rpm:\"crash~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debuginfo\", rpm:\"crash-debuginfo~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-debugsource\", rpm:\"crash-debugsource~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-devel\", rpm:\"crash-devel~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-doc\", rpm:\"crash-doc~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic\", rpm:\"crash-eppic~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-eppic-debuginfo\", rpm:\"crash-eppic-debuginfo~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore\", rpm:\"crash-gcore~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-gcore-debuginfo\", rpm:\"crash-gcore-debuginfo~7.0.2~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default\", rpm:\"crash-kmp-default~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-default-debuginfo\", rpm:\"crash-kmp-default-debuginfo~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop\", rpm:\"crash-kmp-desktop~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-desktop-debuginfo\", rpm:\"crash-kmp-desktop-debuginfo~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen\", rpm:\"crash-kmp-xen~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-xen-debuginfo\", rpm:\"crash-kmp-xen-debuginfo~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-debugsource\", rpm:\"hdjmod-debugsource~1.28~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default\", rpm:\"hdjmod-kmp-default~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-default-debuginfo\", rpm:\"hdjmod-kmp-default-debuginfo~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop\", rpm:\"hdjmod-kmp-desktop~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-desktop-debuginfo\", rpm:\"hdjmod-kmp-desktop-debuginfo~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen\", rpm:\"hdjmod-kmp-xen~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-xen-debuginfo\", rpm:\"hdjmod-kmp-xen-debuginfo~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset\", rpm:\"ipset~6.21.1~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debuginfo\", rpm:\"ipset-debuginfo~6.21.1~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-debugsource\", rpm:\"ipset-debugsource~6.21.1~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-devel\", rpm:\"ipset-devel~6.21.1~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default\", rpm:\"ipset-kmp-default~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-default-debuginfo\", rpm:\"ipset-kmp-default-debuginfo~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop\", rpm:\"ipset-kmp-desktop~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-desktop-debuginfo\", rpm:\"ipset-kmp-desktop-debuginfo~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen\", rpm:\"ipset-kmp-xen~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-xen-debuginfo\", rpm:\"ipset-kmp-xen-debuginfo~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget\", rpm:\"iscsitarget~1.4.20.3~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debuginfo\", rpm:\"iscsitarget-debuginfo~1.4.20.3~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-debugsource\", rpm:\"iscsitarget-debugsource~1.4.20.3~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default\", rpm:\"iscsitarget-kmp-default~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-default-debuginfo\", rpm:\"iscsitarget-kmp-default-debuginfo~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop\", rpm:\"iscsitarget-kmp-desktop~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-desktop-debuginfo\", rpm:\"iscsitarget-kmp-desktop-debuginfo~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen\", rpm:\"iscsitarget-kmp-xen~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-xen-debuginfo\", rpm:\"iscsitarget-kmp-xen-debuginfo~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel-debuginfo\", rpm:\"kernel-default-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3\", rpm:\"libipset3~6.21.1~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"libipset3-debuginfo\", rpm:\"libipset3-debuginfo~6.21.1~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper\", rpm:\"ndiswrapper~1.58~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debuginfo\", rpm:\"ndiswrapper-debuginfo~1.58~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-debugsource\", rpm:\"ndiswrapper-debugsource~1.58~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default\", rpm:\"ndiswrapper-kmp-default~1.58_k3.11.10_32~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-default-debuginfo\", rpm:\"ndiswrapper-kmp-default-debuginfo~1.58_k3.11.10_32~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop\", rpm:\"ndiswrapper-kmp-desktop~1.58_k3.11.10_32~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-desktop-debuginfo\", rpm:\"ndiswrapper-kmp-desktop-debuginfo~1.58_k3.11.10_32~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock\", rpm:\"pcfclock~0.44~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debuginfo\", rpm:\"pcfclock-debuginfo~0.44~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-debugsource\", rpm:\"pcfclock-debugsource~0.44~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default\", rpm:\"pcfclock-kmp-default~0.44_k3.11.10_32~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-default-debuginfo\", rpm:\"pcfclock-kmp-default-debuginfo~0.44_k3.11.10_32~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop\", rpm:\"pcfclock-kmp-desktop~0.44_k3.11.10_32~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-desktop-debuginfo\", rpm:\"pcfclock-kmp-desktop-debuginfo~0.44_k3.11.10_32~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox\", rpm:\"python-virtualbox~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-virtualbox-debuginfo\", rpm:\"python-virtualbox-debuginfo~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-debugsource\", rpm:\"vhba-kmp-debugsource~20130607~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default\", rpm:\"vhba-kmp-default~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-default-debuginfo\", rpm:\"vhba-kmp-default-debuginfo~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop\", rpm:\"vhba-kmp-desktop~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-desktop-debuginfo\", rpm:\"vhba-kmp-desktop-debuginfo~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen\", rpm:\"vhba-kmp-xen~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-xen-debuginfo\", rpm:\"vhba-kmp-xen-debuginfo~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox\", rpm:\"virtualbox~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debuginfo\", rpm:\"virtualbox-debuginfo~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-debugsource\", rpm:\"virtualbox-debugsource~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-devel\", rpm:\"virtualbox-devel~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default\", rpm:\"virtualbox-guest-kmp-default~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-default-debuginfo\", rpm:\"virtualbox-guest-kmp-default-debuginfo~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop\", rpm:\"virtualbox-guest-kmp-desktop~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-desktop-debuginfo\", rpm:\"virtualbox-guest-kmp-desktop-debuginfo~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools\", rpm:\"virtualbox-guest-tools~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-tools-debuginfo\", rpm:\"virtualbox-guest-tools-debuginfo~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11\", rpm:\"virtualbox-guest-x11~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-x11-debuginfo\", rpm:\"virtualbox-guest-x11-debuginfo~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default\", rpm:\"virtualbox-host-kmp-default~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-default-debuginfo\", rpm:\"virtualbox-host-kmp-default-debuginfo~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop\", rpm:\"virtualbox-host-kmp-desktop~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-desktop-debuginfo\", rpm:\"virtualbox-host-kmp-desktop-debuginfo~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt\", rpm:\"virtualbox-qt~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-qt-debuginfo\", rpm:\"virtualbox-qt-debuginfo~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv\", rpm:\"virtualbox-websrv~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-websrv-debuginfo\", rpm:\"virtualbox-websrv-debuginfo~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-debugsource\", rpm:\"xen-debugsource~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-devel\", rpm:\"xen-devel~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default\", rpm:\"xen-kmp-default~4.3.4_10_k3.11.10_32~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-default-debuginfo\", rpm:\"xen-kmp-default-debuginfo~4.3.4_10_k3.11.10_32~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop\", rpm:\"xen-kmp-desktop~4.3.4_10_k3.11.10_32~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-desktop-debuginfo\", rpm:\"xen-kmp-desktop-debuginfo~4.3.4_10_k3.11.10_32~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs\", rpm:\"xen-libs~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo\", rpm:\"xen-libs-debuginfo~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU\", rpm:\"xen-tools-domU~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-domU-debuginfo\", rpm:\"xen-tools-domU-debuginfo~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons\", rpm:\"xtables-addons~2.3~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debuginfo\", rpm:\"xtables-addons-debuginfo~2.3~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-debugsource\", rpm:\"xtables-addons-debugsource~2.3~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default\", rpm:\"xtables-addons-kmp-default~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-default-debuginfo\", rpm:\"xtables-addons-kmp-default-debuginfo~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop\", rpm:\"xtables-addons-kmp-desktop~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-desktop-debuginfo\", rpm:\"xtables-addons-kmp-desktop-debuginfo~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen\", rpm:\"xtables-addons-kmp-xen~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-xen-debuginfo\", rpm:\"xtables-addons-kmp-xen-debuginfo~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~3.11.10~32.3\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-source\", rpm:\"virtualbox-host-source~4.2.36~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen\", rpm:\"xen~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-doc-html\", rpm:\"xen-doc-html~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-32bit\", rpm:\"xen-libs-32bit~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-libs-debuginfo-32bit\", rpm:\"xen-libs-debuginfo-32bit~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools\", rpm:\"xen-tools~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-tools-debuginfo\", rpm:\"xen-tools-debuginfo~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools\", rpm:\"xen-xend-tools~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-xend-tools-debuginfo\", rpm:\"xen-xend-tools-debuginfo~4.3.4_10~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae\", rpm:\"kernel-pae~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base\", rpm:\"kernel-pae-base~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-base-debuginfo\", rpm:\"kernel-pae-base-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debuginfo\", rpm:\"kernel-pae-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-debugsource\", rpm:\"kernel-pae-debugsource~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel\", rpm:\"kernel-pae-devel~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-pae-devel-debuginfo\", rpm:\"kernel-pae-devel-debuginfo~3.11.10~32.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae\", rpm:\"cloop-kmp-pae~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloop-kmp-pae-debuginfo\", rpm:\"cloop-kmp-pae-debuginfo~2.639_k3.11.10_32~11.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae\", rpm:\"crash-kmp-pae~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"crash-kmp-pae-debuginfo\", rpm:\"crash-kmp-pae-debuginfo~7.0.2_k3.11.10_32~2.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae\", rpm:\"hdjmod-kmp-pae~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"hdjmod-kmp-pae-debuginfo\", rpm:\"hdjmod-kmp-pae-debuginfo~1.28_k3.11.10_32~16.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae\", rpm:\"ipset-kmp-pae~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ipset-kmp-pae-debuginfo\", rpm:\"ipset-kmp-pae-debuginfo~6.21.1_k3.11.10_32~2.26.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae\", rpm:\"iscsitarget-kmp-pae~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"iscsitarget-kmp-pae-debuginfo\", rpm:\"iscsitarget-kmp-pae-debuginfo~1.4.20.3_k3.11.10_32~13.22.2\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae\", rpm:\"ndiswrapper-kmp-pae~1.58_k3.11.10_32~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"ndiswrapper-kmp-pae-debuginfo\", rpm:\"ndiswrapper-kmp-pae-debuginfo~1.58_k3.11.10_32~22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae\", rpm:\"pcfclock-kmp-pae~0.44_k3.11.10_32~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pcfclock-kmp-pae-debuginfo\", rpm:\"pcfclock-kmp-pae-debuginfo~0.44_k3.11.10_32~258.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae\", rpm:\"vhba-kmp-pae~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"vhba-kmp-pae-debuginfo\", rpm:\"vhba-kmp-pae-debuginfo~20130607_k3.11.10_32~2.23.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae\", rpm:\"virtualbox-guest-kmp-pae~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-guest-kmp-pae-debuginfo\", rpm:\"virtualbox-guest-kmp-pae-debuginfo~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae\", rpm:\"virtualbox-host-kmp-pae~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"virtualbox-host-kmp-pae-debuginfo\", rpm:\"virtualbox-host-kmp-pae-debuginfo~4.2.36_k3.11.10_32~2.55.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae\", rpm:\"xen-kmp-pae~4.3.4_10_k3.11.10_32~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xen-kmp-pae-debuginfo\", rpm:\"xen-kmp-pae-debuginfo~4.3.4_10_k3.11.10_32~56.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae\", rpm:\"xtables-addons-kmp-pae~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"xtables-addons-kmp-pae-debuginfo\", rpm:\"xtables-addons-kmp-pae-debuginfo~2.3_k3.11.10_32~2.22.1\", rls:\"openSUSE13.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2022-01-04T12:27:04", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's \ntranslation lookaside buffer (TLB) handling of flush events. A local \nattacker could use this to cause a denial of service or possibly leak \nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-01T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2069", "CVE-2015-4004", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-2117"], "modified": "2016-06-01T00:00:00", "id": "USN-2989-1", "href": "https://ubuntu.com/security/notices/USN-2989-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:26:57", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's \ntranslation lookaside buffer (TLB) handling of flush events. A local \nattacker could use this to cause a denial of service or possibly leak \nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2069", "CVE-2016-2117", "CVE-2015-4004", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-1583"], "modified": "2016-06-10T00:00:00", "id": "USN-2998-1", "href": "https://ubuntu.com/security/notices/USN-2998-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:26:30", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3961", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2117", "CVE-2016-4565", "CVE-2015-4004", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-1583"], "modified": "2016-06-10T00:00:00", "id": "USN-3003-1", "href": "https://ubuntu.com/security/notices/USN-3003-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:26:37", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Vivid HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3961", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2117", "CVE-2016-4565", "CVE-2015-4004", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-1583"], "modified": "2016-06-10T00:00:00", "id": "USN-3001-1", "href": "https://ubuntu.com/security/notices/USN-3001-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:26:32", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Raspberry Pi 2) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3961", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2117", "CVE-2016-4565", "CVE-2015-4004", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-1583"], "modified": "2016-06-10T00:00:00", "id": "USN-3004-1", "href": "https://ubuntu.com/security/notices/USN-3004-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:26:35", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress \nhugetlbfs support in X86 paravirtualized guests. An attacker in the guest \nOS could cause a denial of service (guest system crash). (CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel \ncould be coerced into overwriting kernel memory. A local unprivileged \nattacker could use this to possibly gain administrative privileges on \nsystems where InifiniBand related kernel modules are loaded. \n(CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Wily HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3961", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2117", "CVE-2016-4565", "CVE-2015-4004", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-1583"], "modified": "2016-06-10T00:00:00", "id": "USN-3002-1", "href": "https://ubuntu.com/security/notices/USN-3002-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T12:26:43", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux \nkernel incorrectly enables scatter/gather I/O. A remote attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() \nhandler of a lower filesystem that did not implement one, causing a \nrecursive page fault to occur. A local unprivileged attacker could use to \ncause a denial of service (system crash) or possibly execute arbitrary code \nwith administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB \nover wifi device drivers in the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash) or obtain potentially \nsensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB \ndevice driver did not properly validate endpoint descriptors. An attacker \nwith physical access could use this to cause a denial of service (system \ncrash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nMCT USB RS232 Converter device driver in the Linux kernel did not properly \nvalidate USB device descriptors. An attacker with physical access could use \nthis to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nCypress M8 USB device driver in the Linux kernel did not properly validate \nUSB device descriptors. An attacker with physical access could use this to \ncause a denial of service (system crash). (CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the \nLinux kernel's USB driver for Digi AccelePort serial converters did not \nproperly validate USB device descriptors. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would \nimproperly disable Address Space Layout Randomization (ASLR) for x86 \nprocesses running in 32 bit mode if stack-consumption resource limits were \ndisabled. A local attacker could use this to make it easier to exploit an \nexisting vulnerability in a setuid/setgid program. (CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger \nControl Unit devices did not properly validate the device's interfaces. An \nattacker with physical access could use this to cause a denial of service \n(system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver \nin the Linux kernel did not cancel work events queued if a later error \noccurred, resulting in a use-after-free. An attacker with physical access \ncould use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling \nincoming packets in the USB/IP implementation in the Linux kernel. A remote \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 \nSupport implementations in the Linux kernel. A local attacker could use \nthis to obtain potentially sensitive information from kernel memory. \n(CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket \ninterface (rtnetlink) implementation in the Linux kernel. A local attacker \ncould use this to obtain potentially sensitive information from kernel \nmemory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle \npropagated mounts correctly. A local unprivileged attacker could use this \nto cause a denial of service (system crash). (CVE-2016-4581)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Utopic HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3137", "CVE-2016-3672", "CVE-2016-4485", "CVE-2016-3136", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-2117", "CVE-2015-4004", "CVE-2016-3140", "CVE-2016-4486", "CVE-2016-4581", "CVE-2016-2187", "CVE-2016-3689", "CVE-2016-1583"], "modified": "2016-06-10T00:00:00", "id": "USN-3000-1", "href": "https://ubuntu.com/security/notices/USN-3000-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-08-19T12:41:47", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-01T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2989-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91425", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2989-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91425);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2989-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux vulnerabilities (USN-2989-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2989-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic,\nlinux-image-3.13-generic-lpae and / or linux-image-3.13-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2989-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-generic-lpae\", pkgver:\"3.13.0-87.133\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-87-lowlatency\", pkgver:\"3.13.0-87.133\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:11:56", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's translation lookaside buffer (TLB) handling of flush events. A local attacker could use this to cause a denial of service or possibly leak sensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2069", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2998-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2998-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91560);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"2998-1\");\n\n script_name(english:\"Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2998-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nAndy Lutomirski discovered a race condition in the Linux kernel's\ntranslation lookaside buffer (TLB) handling of flush events. A local\nattacker could use this to cause a denial of service or possibly leak\nsensitive information. (CVE-2016-2069)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2998-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.13-generic and / or\nlinux-image-3.13-generic-lpae packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(12\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 12.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2069\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-2998-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"linux-image-3.13.0-88-generic-lpae\", pkgver:\"3.13.0-88.135~precise1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:11:57", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3001-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3001-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91563);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3001-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-vivid vulnerabilities (USN-3001-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3001-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.19-generic,\nlinux-image-3.19-generic-lpae and / or linux-image-3.19-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.19-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3001-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-generic\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-generic-lpae\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.19.0-61-lowlatency\", pkgver:\"3.19.0-61.69~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.19-generic / linux-image-3.19-generic-lpae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:11:09", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3002-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91564", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3002-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91564);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3002-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-wily vulnerabilities (USN-3002-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3002-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3002-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:11:56", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-3004-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91566", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3004-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91566);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3004-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux-raspi2 vulnerabilities (USN-3004-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3004-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected linux-image-4.2-raspi2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3004-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-1031-raspi2\", pkgver:\"4.2.0-1031.41\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-raspi2\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:11:56", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3672", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-3961", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4565", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency", "cpe:/o:canonical:ubuntu_linux:15.10"], "id": "UBUNTU_USN-3003-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3003-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91565);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3003-1\");\n\n script_name(english:\"Ubuntu 15.10 : linux vulnerabilities (USN-3003-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly\nsuppress hugetlbfs support in X86 paravirtualized guests. An attacker\nin the guest OS could cause a denial of service (guest system crash).\n(CVE-2016-3961)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nJann Horn discovered that the InfiniBand interfaces within the Linux\nkernel could be coerced into overwriting kernel memory. A local\nunprivileged attacker could use this to possibly gain administrative\nprivileges on systems where InifiniBand related kernel modules are\nloaded. (CVE-2016-4565)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3003-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-4.2-generic,\nlinux-image-4.2-generic-lpae and / or linux-image-4.2-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.2-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:15.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(15\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 15.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3672\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-3961\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4565\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3003-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-generic-lpae\", pkgver:\"4.2.0-38.45\")) flag++;\nif (ubuntu_check(osver:\"15.10\", pkgname:\"linux-image-4.2.0-38-lowlatency\", pkgver:\"4.2.0-38.45\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.2-generic / linux-image-4.2-generic-lpae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T16:12:41", "description": "Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the MCT USB RS232 Converter device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Cypress M8 USB device driver in the Linux kernel did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash).\n(CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered that the Linux kernel's USB driver for Digi AccelePort serial converters did not properly validate USB device descriptors. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger Control Unit devices did not properly validate the device's interfaces. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-06-10T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4004", "CVE-2016-1583", "CVE-2016-2117", "CVE-2016-2187", "CVE-2016-3136", "CVE-2016-3137", "CVE-2016-3140", "CVE-2016-3672", "CVE-2016-3689", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-4486", "CVE-2016-4581"], "modified": "2019-09-18T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3000-1.NASL", "href": "https://www.tenable.com/plugins/nessus/91562", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3000-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(91562);\n script_version(\"2.11\");\n script_cvs_date(\"Date: 2019/09/18 12:31:45\");\n\n script_cve_id(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n script_xref(name:\"USN\", value:\"3000-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-3000-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Justin Yackoski discovered that the Atheros L2 Ethernet Driver in the\nLinux kernel incorrectly enables scatter/gather I/O. A remote attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-2117)\n\nJann Horn discovered that eCryptfs improperly attempted to use the\nmmap() handler of a lower filesystem that did not implement one,\ncausing a recursive page fault to occur. A local unprivileged attacker\ncould use to cause a denial of service (system crash) or possibly\nexecute arbitrary code with administrative privileges. (CVE-2016-1583)\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO\nUSB over wifi device drivers in the Linux kernel. A remote attacker\ncould use this to cause a denial of service (system crash) or obtain\npotentially sensitive information from kernel memory. (CVE-2015-4004)\n\nRalf Spenneberg discovered that the Linux kernel's GTCO digitizer USB\ndevice driver did not properly validate endpoint descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-2187)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the MCT USB RS232 Converter device driver in the Linux kernel did\nnot properly validate USB device descriptors. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3136)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the Cypress M8 USB device driver in the Linux kernel did not\nproperly validate USB device descriptors. An attacker with physical\naccess could use this to cause a denial of service (system crash).\n(CVE-2016-3137)\n\nSergej Schumilo, Hendrik Schwartke, and Ralf Spenneberg discovered\nthat the Linux kernel's USB driver for Digi AccelePort serial\nconverters did not properly validate USB device descriptors. An\nattacker with physical access could use this to cause a denial of\nservice (system crash). (CVE-2016-3140)\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would\nimproperly disable Address Space Layout Randomization (ASLR) for x86\nprocesses running in 32 bit mode if stack-consumption resource limits\nwere disabled. A local attacker could use this to make it easier to\nexploit an existing vulnerability in a setuid/setgid program.\n(CVE-2016-3672)\n\nIt was discovered that the Linux kernel's USB driver for IMS Passenger\nControl Unit devices did not properly validate the device's\ninterfaces. An attacker with physical access could use this to cause a\ndenial of service (system crash). (CVE-2016-3689)\n\nAndrey Konovalov discovered that the CDC Network Control Model USB\ndriver in the Linux kernel did not cancel work events queued if a\nlater error occurred, resulting in a use-after-free. An attacker with\nphysical access could use this to cause a denial of service (system\ncrash). (CVE-2016-3951)\n\nIt was discovered that an out-of-bounds write could occur when\nhandling incoming packets in the USB/IP implementation in the Linux\nkernel. A remote attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2016-3955)\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC\ntype 2 Support implementations in the Linux kernel. A local attacker\ncould use this to obtain potentially sensitive information from kernel\nmemory. (CVE-2016-4485)\n\nKangjie Lu discovered an information leak in the routing netlink\nsocket interface (rtnetlink) implementation in the Linux kernel. A\nlocal attacker could use this to obtain potentially sensitive\ninformation from kernel memory. (CVE-2016-4486)\n\nIt was discovered that in some situations the Linux kernel did not\nhandle propagated mounts correctly. A local unprivileged attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2016-4581).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3000-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected linux-image-3.16-generic,\nlinux-image-3.16-generic-lpae and / or linux-image-3.16-lowlatency\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.16-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2016-2019 Canonical, Inc. / NASL script (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2015-4004\", \"CVE-2016-1583\", \"CVE-2016-2117\", \"CVE-2016-2187\", \"CVE-2016-3136\", \"CVE-2016-3137\", \"CVE-2016-3140\", \"CVE-2016-3672\", \"CVE-2016-3689\", \"CVE-2016-3951\", \"CVE-2016-3955\", \"CVE-2016-4485\", \"CVE-2016-4486\", \"CVE-2016-4581\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3000-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-generic\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-generic-lpae\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.16.0-73-lowlatency\", pkgver:\"3.16.0-73.95~14.04.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.16-generic / linux-image-3.16-generic-lpae / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-28T13:14:26", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in DCCP socket code affecting the Linux kernel since 2.6.16. This vulnerability could allow an attacker to their escalate privileges.(CVE-2017-8824i1/4%0\n\n - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.(CVE-2015-4004i1/4%0\n\n - Integer signedness error in the MSM V4L2 video driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (array overflow and memory corruption) via a crafted application that triggers an msm_isp_axi_create_stream call.(CVE-2016-2061i1/4%0\n\n - A denial of service flaw was found in the way the Linux kernel's XFS file system implementation ordered directory hashes under certain conditions. A local attacker could use this flaw to corrupt the file system by creating directories with colliding hash values, potentially resulting in a system crash.(CVE-2014-7283i1/4%0\n\n - It was found that the Linux kernel's ping socket implementation did not properly handle socket unhashing during spurious disconnects, which could lead to a use-after-free flaw. On x86-64 architecture systems, a local user able to create ping sockets could use this flaw to crash the system. On non-x86-64 architecture systems, a local user able to create ping sockets could use this flaw to escalate their privileges on the system.(CVE-2015-3636i1/4%0\n\n - Incorrect buffer length handling was found in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel, which could be exploited by malicious NCPFS servers to crash the kernel or possibly execute an arbitrary code.(CVE-2018-8822i1/4%0\n\n - ** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel 2.6.32 through 4.x does not prevent use of a write-timing side channel, which allows guest OS users to defeat the ASLR protection mechanism on other guest OS instances via a Cross-VM ASL INtrospection (CAIN) attack. NOTE: the vendor states 'Basically if you care about this attack vector, disable deduplication.' Share-until-written approaches for memory conservation among mutually untrusting tenants are inherently detectable for information disclosure, and can be classified as potentially misunderstood behaviors rather than vulnerabilities.(CVE-2015-2877i1/4%0\n\n - The tty_set_termios_ldisc() function in 'drivers/tty/tty_ldisc.c' in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.(CVE-2015-8964i1/4%0\n\n - An issue was discovered in the Linux kernel through 4.17.2. vbg_misc_device_ioctl() in drivers/virt/vboxguest/vboxguest_linux.c reads the same user data twice with copy_from_user. The header part of the user data is double-fetched, and a malicious user thread can tamper with the critical variables (hdr.size_in and hdr.size_out) in the header between the two fetches because of a race condition, leading to severe kernel errors, such as buffer over-accesses.\n This bug can cause a local denial of service and information leakage.(CVE-2018-12633i1/4%0\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2018-1092i1/4%0\n\n - fs/f2fs/extent_cache.c in the Linux kernel, before 4.13, mishandles extent trees. This allows local users to cause a denial of service via an application with multiple threads.(CVE-2017-18193i1/4%0\n\n - A design flaw was found in the file extended attribute handling of the Linux kernel's handling of cached attributes. Too many entries in the cache cause a soft lockup while attempting to iterate the cache and access relevant locks.(CVE-2015-8952i1/4%0\n\n - Off-by-one error in the pipe_advance function in lib/iov_iter.c in the Linux kernel before 4.9.5 allows local users to obtain sensitive information from uninitialized heap-memory locations in opportunistic circumstances by reading from a pipe after an incorrect buffer-release decision.(CVE-2017-5550i1/4%0\n\n - The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed.\n This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.(CVE-2017-17806i1/4%0\n\n - The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a TIOCGICOUNT ioctl call.(CVE-2013-4516i1/4%0\n\n - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.(CVE-2017-18255i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid pointer dereference in\n __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image could lead to a system crash and a denial of service.(CVE-2018-14609i1/4%0\n\n - The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.(CVE-2015-4003i1/4%0\n\n - drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) or obtain sensitive information from kernel memory via a crafted device.(CVE-2013-2895i1/4%0\n\n - drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device without both an interrupt-in and an interrupt-out endpoint descriptor, related to the cypress_generic_port_probe and cypress_open functions.(CVE-2016-3137i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1476)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2895", "CVE-2013-4516", "CVE-2014-7283", "CVE-2015-2877", "CVE-2015-3636", "CVE-2015-4003", "CVE-2015-4004", "CVE-2015-8952", "CVE-2015-8964", "CVE-2016-2061", "CVE-2016-3137", "CVE-2017-17806", "CVE-2017-18193", "CVE-2017-18255", "CVE-2017-5550", "CVE-2017-8824", "CVE-2018-1092", "CVE-2018-12633", "CVE-2018-14609", "CVE-2018-8822"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1476.NASL", "href": "https://www.tenable.com/plugins/nessus/124800", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124800);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2013-2895\",\n \"CVE-2013-4516\",\n \"CVE-2014-7283\",\n \"CVE-2015-2877\",\n \"CVE-2015-3636\",\n \"CVE-2015-4003\",\n \"CVE-2015-4004\",\n \"CVE-2015-8952\",\n \"CVE-2015-8964\",\n \"CVE-2016-2061\",\n \"CVE-2016-3137\",\n \"CVE-2017-17806\",\n \"CVE-2017-18193\",\n \"CVE-2017-18255\",\n \"CVE-2017-5550\",\n \"CVE-2017-8824\",\n \"CVE-2018-1092\",\n \"CVE-2018-12633\",\n \"CVE-2018-14609\",\n \"CVE-2018-8822\"\n );\n script_bugtraq_id(\n 62045,\n 63519,\n 70261,\n 74450,\n 74668\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1476)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in DCCP socket\n code affecting the Linux kernel since 2.6.16. This\n vulnerability could allow an attacker to their escalate\n privileges.(CVE-2017-8824i1/4%0\n\n - The OZWPAN driver in the Linux kernel through 4.0.5\n relies on an untrusted length field during packet\n parsing, which allows remote attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read and system crash)\n via a crafted packet.(CVE-2015-4004i1/4%0\n\n - Integer signedness error in the MSM V4L2 video driver\n for the Linux kernel 3.x, as used in Qualcomm\n Innovation Center (QuIC) Android contributions for MSM\n devices and other products, allows attackers to gain\n privileges or cause a denial of service (array overflow\n and memory corruption) via a crafted application that\n triggers an msm_isp_axi_create_stream\n call.(CVE-2016-2061i1/4%0\n\n - A denial of service flaw was found in the way the Linux\n kernel's XFS file system implementation ordered\n directory hashes under certain conditions. A local\n attacker could use this flaw to corrupt the file system\n by creating directories with colliding hash values,\n potentially resulting in a system\n crash.(CVE-2014-7283i1/4%0\n\n - It was found that the Linux kernel's ping socket\n implementation did not properly handle socket unhashing\n during spurious disconnects, which could lead to a\n use-after-free flaw. On x86-64 architecture systems, a\n local user able to create ping sockets could use this\n flaw to crash the system. On non-x86-64 architecture\n systems, a local user able to create ping sockets could\n use this flaw to escalate their privileges on the\n system.(CVE-2015-3636i1/4%0\n\n - Incorrect buffer length handling was found in the\n ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in\n the Linux kernel, which could be exploited by malicious\n NCPFS servers to crash the kernel or possibly execute\n an arbitrary code.(CVE-2018-8822i1/4%0\n\n - ** DISPUTED ** Kernel Samepage Merging (KSM) in the\n Linux kernel 2.6.32 through 4.x does not prevent use of\n a write-timing side channel, which allows guest OS\n users to defeat the ASLR protection mechanism on other\n guest OS instances via a Cross-VM ASL INtrospection\n (CAIN) attack. NOTE: the vendor states 'Basically if\n you care about this attack vector, disable\n deduplication.' Share-until-written approaches for\n memory conservation among mutually untrusting tenants\n are inherently detectable for information disclosure,\n and can be classified as potentially misunderstood\n behaviors rather than vulnerabilities.(CVE-2015-2877i1/4%0\n\n - The tty_set_termios_ldisc() function in\n 'drivers/tty/tty_ldisc.c' in the Linux kernel before\n 4.5 allows local users to obtain sensitive information\n from kernel memory by reading a tty data\n structure.(CVE-2015-8964i1/4%0\n\n - An issue was discovered in the Linux kernel through\n 4.17.2. vbg_misc_device_ioctl() in\n drivers/virt/vboxguest/vboxguest_linux.c reads the same\n user data twice with copy_from_user. The header part of\n the user data is double-fetched, and a malicious user\n thread can tamper with the critical variables\n (hdr.size_in and hdr.size_out) in the header between\n the two fetches because of a race condition, leading to\n severe kernel errors, such as buffer over-accesses.\n This bug can cause a local denial of service and\n information leakage.(CVE-2018-12633i1/4%0\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2018-1092i1/4%0\n\n - fs/f2fs/extent_cache.c in the Linux kernel, before\n 4.13, mishandles extent trees. This allows local users\n to cause a denial of service via an application with\n multiple threads.(CVE-2017-18193i1/4%0\n\n - A design flaw was found in the file extended attribute\n handling of the Linux kernel's handling of cached\n attributes. Too many entries in the cache cause a soft\n lockup while attempting to iterate the cache and access\n relevant locks.(CVE-2015-8952i1/4%0\n\n - Off-by-one error in the pipe_advance function in\n lib/iov_iter.c in the Linux kernel before 4.9.5 allows\n local users to obtain sensitive information from\n uninitialized heap-memory locations in opportunistic\n circumstances by reading from a pipe after an incorrect\n buffer-release decision.(CVE-2017-5550i1/4%0\n\n - The HMAC implementation (crypto/hmac.c) in the Linux\n kernel, before 4.14.8, does not validate that the\n underlying cryptographic hash algorithm is unkeyed.\n This allows a local attacker, able to use the\n AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash\n algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack\n buffer overflow by executing a crafted sequence of\n system calls that encounter a missing SHA-3\n initialization.(CVE-2017-17806i1/4%0\n\n - The mp_get_count function in\n drivers/staging/sb105x/sb_pci_mp.c in the Linux kernel\n before 3.12 does not initialize a certain data\n structure, which allows local users to obtain sensitive\n information from kernel stack memory via a TIOCGICOUNT\n ioctl call.(CVE-2013-4516i1/4%0\n\n - The perf_cpu_time_max_percent_handler function in\n kernel/events/core.c in the Linux kernel before 4.11\n allows local users to cause a denial of service\n (integer overflow) or possibly have unspecified other\n impact via a large value, as demonstrated by an\n incorrect sample-rate calculation.(CVE-2017-18255i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in\n the Linux kernel. An invalid pointer dereference in\n __del_reloc_root() in fs/btrfs/relocation.c when\n mounting a crafted btrfs image could lead to a system\n crash and a denial of service.(CVE-2018-14609i1/4%0\n\n - The oz_usb_handle_ep_data function in\n drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver\n in the Linux kernel through 4.0.5 allows remote\n attackers to cause a denial of service (divide-by-zero\n error and system crash) via a crafted\n packet.(CVE-2015-4003i1/4%0\n\n - drivers/hid/hid-logitech-dj.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through\n 3.11, when CONFIG_HID_LOGITECH_DJ is enabled, allows\n physically proximate attackers to cause a denial of\n service (NULL pointer dereference and OOPS) or obtain\n sensitive information from kernel memory via a crafted\n device.(CVE-2013-2895i1/4%0\n\n - drivers/usb/serial/cypress_m8.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a USB device without both an\n interrupt-in and an interrupt-out endpoint descriptor,\n related to the cypress_generic_port_probe and\n cypress_open functions.(CVE-2016-3137i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1476\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0934af5b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2015-4004\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:C"}}, {"lastseen": "2022-05-10T03:23:09", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet. (CVE-2015-4001)\n\n - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. (CVE-2015-4002)\n\n - The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet. (CVE-2015-4003)\n\n - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet. (CVE-2015-4004)\n\n - arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the 'strict page permissions' protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. (CVE-2015-8967)\n\n - The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. (CVE-2016-1583)\n\n - In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (CVE-2017-11089)\n\n - In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. (CVE-2017-9725)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after- free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after- free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. (CVE-2020-36385)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information disclosure via adjacent access. (CVE-2021-0129)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space (CVE-2021-22555)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements, allowing them to execute arbitrary code within the kernel context. This affects arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi- device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. (CVE-2021-31916)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI controller. (CVE-2021-32399)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(), hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-10-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-2588)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-4001", "CVE-2015-4002", "CVE-2015-4003", "CVE-2015-4004", "CVE-2015-8967", "CVE-2016-1583", "CVE-2017-11089", "CVE-2017-9725", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25673", "CVE-2020-36385", "CVE-2021-0129", "CVE-2021-20292", "CVE-2021-22555", "CVE-2021-28964", "CVE-2021-29154", "CVE-2021-29265", "CVE-2021-31916", "CVE-2021-32399", "CVE-2021-33033", "CVE-2021-3347", "CVE-2021-33909", "CVE-2021-3428", "CVE-2021-34693", "CVE-2021-3483", "CVE-2021-3564", "CVE-2021-3573", "CVE-2021-3609"], "modified": "2022-05-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2588.NASL", "href": "https://www.tenable.com/plugins/nessus/154404", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154404);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2015-4001\",\n \"CVE-2015-4002\",\n \"CVE-2015-4003\",\n \"CVE-2015-4004\",\n \"CVE-2015-8967\",\n \"CVE-2016-1583\",\n \"CVE-2017-9725\",\n \"CVE-2017-11089\",\n \"CVE-2020-25670\",\n \"CVE-2020-25671\",\n \"CVE-2020-25673\",\n \"CVE-2020-36385\",\n \"CVE-2021-0129\",\n \"CVE-2021-3347\",\n \"CVE-2021-3428\",\n \"CVE-2021-3483\",\n \"CVE-2021-3564\",\n \"CVE-2021-3573\",\n \"CVE-2021-3609\",\n \"CVE-2021-20292\",\n \"CVE-2021-22555\",\n \"CVE-2021-28964\",\n \"CVE-2021-29154\",\n \"CVE-2021-29265\",\n \"CVE-2021-31916\",\n \"CVE-2021-32399\",\n \"CVE-2021-33033\",\n \"CVE-2021-33909\",\n \"CVE-2021-34693\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-2588)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the\n OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service\n (system crash) or possibly execute arbitrary code via a crafted packet. (CVE-2015-4001)\n\n - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure\n that certain length values are sufficiently large, which allows remote attackers to cause a denial of\n service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to\n the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. (CVE-2015-4002)\n\n - The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux\n kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system\n crash) via a crafted packet. (CVE-2015-4003)\n\n - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet\n parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read and system crash) via a crafted packet. (CVE-2015-4004)\n\n - arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the 'strict page\n permissions' protection mechanism and modify the system-call table, and consequently gain privileges, by\n leveraging write access. (CVE-2015-8967)\n\n - The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows\n local users to gain privileges or cause a denial of service (stack memory consumption) via vectors\n involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. (CVE-2016-1583)\n\n - In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux\n kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute\n NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (CVE-2017-11089)\n\n - In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due\n to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should\n fail. (CVE-2017-9725)\n\n - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free\n which might lead to privilege escalations. (CVE-2020-25670)\n\n - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-\n free which might lead to privilege escalations. (CVE-2020-25671)\n\n - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak\n and eventually hanging-up the system. (CVE-2020-25673)\n\n - An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-\n free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is\n called, aka CID-f5449e74802c. (CVE-2020-36385)\n\n - Improper access control in BlueZ may allow an authenticated user to potentially enable information\n disclosure via adjacent access. (CVE-2021-0129)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue\n results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker with a local account with a root privilege, can leverage this vulnerability to\n escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.\n This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name\n space (CVE-2021-22555)\n\n - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It\n allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer\n before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)\n\n - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,\n allowing them to execute arbitrary code within the kernel context. This affects\n arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)\n\n - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in\n drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up\n sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.\n (CVE-2021-29265)\n\n - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-\n device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with\n special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or\n a leak of internal kernel information. The highest threat from this vulnerability is to system\n availability. (CVE-2021-31916)\n\n - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI\n controller. (CVE-2021-32399)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer\n allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an\n unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from\n kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)\n\n - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice\n into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest\n threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions\n before kernel 5.12-rc6 are affected (CVE-2021-3483)\n\n - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in\n the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the\n system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)\n\n - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way\n user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()\n together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),\n hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their\n privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2588\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74bb9ae9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9725\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3483\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter x_tables Heap OOB Write Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/05/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-3.10.0-514.44.5.10.h339\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h339\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h339\",\n \"kernel-devel-3.10.0-514.44.5.10.h339\",\n \"kernel-headers-3.10.0-514.44.5.10.h339\",\n \"kernel-tools-3.10.0-514.44.5.10.h339\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h339\",\n \"perf-3.10.0-514.44.5.10.h339\",\n \"python-perf-3.10.0-514.44.5.10.h339\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T17:02:37", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-2186)\n\n - The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.(CVE-2014-9892)\n\n - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering kfifo_alloc() failures, aka CID-a7b2df76b42b.(CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-ab612b1daf41.(CVE-2019-19060)\n\n - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-9c0530e898f3.(CVE-2019-19061)\n\n - A memory leak in the crypto_report() function in crypto/crypto_user_base.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering crypto_report_alg() failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\n - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.(CVE-2019-18808)\n\n - In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to insufficient locking when accessing asma.\n This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-66954097.(CVE-2017-13216)\n\n - A certain backport in the TCP Fast Open implementation for the Linux kernel before 3.18 does not properly maintain a count value, which allow local users to cause a denial of service (system crash) via the Fast Open feature, as demonstrated by visiting the chrome://flags/#enable-tcp-fast-open URL when using certain 3.10.x through 3.16.x kernel builds, including longterm-maintenance releases and ckt (aka Canonical Kernel Team) builds.(CVE-2015-3332)\n\n - The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading a Netlink message.(CVE-2016-4486)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.(CVE-2017-5897)\n\n - In the Linux kernel before version 4.12, Kerberos 5 tickets decoded when using the RXRPC keys incorrectly assumes the size of a field. This could lead to the size-remaining variable wrapping and the data pointer going over the end of the buffer. This could possibly lead to memory corruption and possible privilege escalation.(CVE-2017-7482)\n\n - A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.(CVE-2018-14625)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16647)\n\n - A memory leak in the ql_alloc_large_buffers() function in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux kernel before 5.3.5 allows local users to cause a denial of service (memory consumption) by triggering pci_dma_mapping_error() failures, aka CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.(CVE-2018-7755)\n\n - The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.(CVE-2015-7833)\n\n - A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.(CVE-2019-3846)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16232)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16234)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.(CVE-2019-16231)\n\n - Insufficient access control in the Intel(R) PROSet/Wireless WiFi Software driver before version 21.10 may allow an unauthenticated user to potentially enable denial of service via adjacent access.(CVE-2019-0136)\n\n - A flaw was found in the Linux kernel. A heap based buffer overflow in mwifiex_uap_parse_tail_ies function in drivers/net/wireless/marvell/mwifiex/ie.c might lead to memory corruption and possibly other consequences.(CVE-2019-10126)\n\n - The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka 'KNOB') that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.(CVE-2019-9506)\n\n - An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow.(CVE-2019-16746)\n\n - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel.(CVE-2018-9363)\n\n - An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.(CVE-2019-17075)\n\n - rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.(CVE-2019-17666)\n\n - arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.(CVE-2014-9888)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\n - The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interface's own IP address, as demonstrated by rds-ping.(CVE-2012-2372)\n\n - In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.(CVE-2019-17133)\n\n - A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/bfad_attr.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering bfa_port_get_stats() failures, aka CID-0e62395da2bd.(CVE-2019-19066)\n\n - The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.(CVE-2016-3857)\n\n - arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the 'strict page permissions' protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.(CVE-2015-8967)\n\n - arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.(CVE-2015-8955)\n\n - The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.(CVE-2017-15537)\n\n - The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.(CVE-2014-9870)\n\n - ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant.(CVE-2018-7995)\n\n - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000.(CVE-2014-4508)\n\n - arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in the Linux kernel through 3.18.1 allows local users to bypass the espfix protection mechanism, and consequently makes it easier for local users to bypass the ASLR protection mechanism, via a crafted application that makes a set_thread_area system call and later reads a 16-bit value.(CVE-2014-8133)\n\n - arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 on the MIPS platform does not configure\n _TIF_SECCOMP checks on the fast system-call path, which allows local users to bypass intended PR_SET_SECCOMP restrictions by executing a crafted application without invoking a trace or audit subsystem.(CVE-2014-4157)\n\n - Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted packet.(CVE-2015-4001)\n\n - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure that certain length values are sufficiently large, which allows remote attackers to cause a denial of service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions.(CVE-2015-4002)\n\n - The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system crash) via a crafted packet.(CVE-2015-4003)\n\n - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read and system crash) via a crafted packet.(CVE-2015-4004)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel before 4.6 allows local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - The print_binder_transaction_ilocked function in drivers/android/binder.c in the Linux kernel 4.14.90 allows local users to obtain sensitive address information by reading '*from *code *flags' lines in a debugfs file.(CVE-2018-20510)\n\n - In the Linux kernel before 4.1.4, a buffer overflow occurs when checking userspace params in drivers/media/dvb-frontends/cx24116.c. The maximum size for a DiSEqC command is 6, according to the userspace API. However, the code allows larger values such as 23.(CVE-2015-9289)\n\n - The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability.(CVE-2017-8831)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-09T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2012-2372", "CVE-2014-4157", "CVE-2014-4508", "CVE-2014-7843", "CVE-2014-8133", "CVE-2014-9870", "CVE-2014-9888", "CVE-2014-9892", "CVE-2015-3332", "CVE-2015-4001", "CVE-2015-4002", "CVE-2015-4003", "CVE-2015-4004", "CVE-2015-7833", "CVE-2015-8955", "CVE-2015-8967", "CVE-2015-9289", "CVE-2016-2186", "CVE-2016-3857", "CVE-2016-4486", "CVE-2016-6130", "CVE-2017-13216", "CVE-2017-15537", "CVE-2017-16647", "CVE-2017-18551", "CVE-2017-5897", "CVE-2017-7482", "CVE-2017-8831", "CVE-2018-14625", "CVE-2018-20510", "CVE-2018-7755", "CVE-2018-7995", "CVE-2018-9363", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-16231", "CVE-2019-16232", "CVE-2019-16234", "CVE-2019-16746", "CVE-2019-17075", "CVE-2019-17133", "CVE-2019-17666", "CVE-2019-18806", "CVE-2019-18808", "CVE-2019-19054", "CVE-2019-19060", "CVE-2019-19061", "CVE-2019-19062", "CVE-2019-19066", "CVE-2019-3846", "CVE-2019-9506"], "modified": "2022-05-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2531.NASL", "href": "https://www.tenable.com/plugins/nessus/131805", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131805);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/18\");\n\n script_cve_id(\n \"CVE-2012-2372\",\n \"CVE-2014-4157\",\n \"CVE-2014-4508\",\n \"CVE-2014-7843\",\n \"CVE-2014-8133\",\n \"CVE-2014-9870\",\n \"CVE-2014-9888\",\n \"CVE-2014-9892\",\n \"CVE-2015-3332\",\n \"CVE-2015-4001\",\n \"CVE-2015-4002\",\n \"CVE-2015-4003\",\n \"CVE-2015-4004\",\n \"CVE-2015-7833\",\n \"CVE-2015-8955\",\n \"CVE-2015-8967\",\n \"CVE-2015-9289\",\n \"CVE-2016-2186\",\n \"CVE-2016-3857\",\n \"CVE-2016-4486\",\n \"CVE-2016-6130\",\n \"CVE-2017-5897\",\n \"CVE-2017-7482\",\n \"CVE-2017-8831\",\n \"CVE-2017-13216\",\n \"CVE-2017-15537\",\n \"CVE-2017-16647\",\n \"CVE-2017-18551\",\n \"CVE-2018-7755\",\n \"CVE-2018-7995\",\n \"CVE-2018-9363\",\n \"CVE-2018-14625\",\n \"CVE-2018-20510\",\n \"CVE-2019-0136\",\n \"CVE-2019-3846\",\n \"CVE-2019-9506\",\n \"CVE-2019-10126\",\n \"CVE-2019-16231\",\n \"CVE-2019-16232\",\n \"CVE-2019-16234\",\n \"CVE-2019-16746\",\n \"CVE-2019-17075\",\n \"CVE-2019-17133\",\n \"CVE-2019-17666\",\n \"CVE-2019-18806\",\n \"CVE-2019-18808\",\n \"CVE-2019-19054\",\n \"CVE-2019-19060\",\n \"CVE-2019-19061\",\n \"CVE-2019-19062\",\n \"CVE-2019-19066\"\n );\n script_bugtraq_id(\n 54062,\n 68083,\n 68126,\n 71082,\n 71684,\n 74232,\n 74668,\n 74672\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-2531)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The powermate_probe function in\n drivers/input/misc/powermate.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted endpoints value in a USB\n device descriptor.(CVE-2016-2186)\n\n - The snd_compr_tstamp function in\n sound/core/compress_offload.c in the Linux kernel\n through 4.7, as used in Android before 2016-08-05 on\n Nexus 5 and 7 (2013) devices, does not properly\n initialize a timestamp data structure, which allows\n attackers to obtain sensitive information via a crafted\n application, aka Android internal bug 28770164 and\n Qualcomm internal bug CR568717.(CVE-2014-9892)\n\n - A memory leak in the cx23888_ir_probe() function in\n drivers/media/pci/cx23885/cx23888-ir.c in the Linux\n kernel through 5.3.11 allows attackers to cause a\n denial of service (memory consumption) by triggering\n kfifo_alloc() failures, aka\n CID-a7b2df76b42b.(CVE-2019-19054)\n\n - A memory leak in the adis_update_scan_mode() function\n in drivers/iio/imu/adis_buffer.c in the Linux kernel\n before 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-ab612b1daf41.(CVE-2019-19060)\n\n - A memory leak in the adis_update_scan_mode_burst()\n function in drivers/iio/imu/adis_buffer.c in the Linux\n kernel before 5.3.9 allows attackers to cause a denial\n of service (memory consumption), aka\n CID-9c0530e898f3.(CVE-2019-19061)\n\n - A memory leak in the crypto_report() function in\n crypto/crypto_user_base.c in the Linux kernel through\n 5.3.11 allows attackers to cause a denial of service\n (memory consumption) by triggering crypto_report_alg()\n failures, aka CID-ffdde5932042.(CVE-2019-19062)\n\n - A memory leak in the ccp_run_sha_cmd() function in\n drivers/crypto/ccp/ccp-ops.c in the Linux kernel\n through 5.3.9 allows attackers to cause a denial of\n service (memory consumption), aka\n CID-128c66429247.(CVE-2019-18808)\n\n - In ashmem_ioctl of ashmem.c, there is an out-of-bounds\n write due to insufficient locking when accessing asma.\n This could lead to a local elevation of privilege\n enabling code execution as a privileged process with no\n additional execution privileges needed. User\n interaction is not needed for exploitation. Product:\n Android. Versions: Android kernel. Android ID:\n A-66954097.(CVE-2017-13216)\n\n - A certain backport in the TCP Fast Open implementation\n for the Linux kernel before 3.18 does not properly\n maintain a count value, which allow local users to\n cause a denial of service (system crash) via the Fast\n Open feature, as demonstrated by visiting the\n chrome://flags/#enable-tcp-fast-open URL when using\n certain 3.10.x through 3.16.x kernel builds, including\n longterm-maintenance releases and ckt (aka Canonical\n Kernel Team) builds.(CVE-2015-3332)\n\n - The rtnl_fill_link_ifmap function in\n net/core/rtnetlink.c in the Linux kernel before 4.5.5\n does not initialize a certain data structure, which\n allows local users to obtain sensitive information from\n kernel stack memory by reading a Netlink\n message.(CVE-2016-4486)\n\n - The ip6gre_err function in net/ipv6/ip6_gre.c in the\n Linux kernel allows remote attackers to have\n unspecified impact via vectors involving GRE flags in\n an IPv6 packet, which trigger an out-of-bounds\n access.(CVE-2017-5897)\n\n - In the Linux kernel before version 4.12, Kerberos 5\n tickets decoded when using the RXRPC keys incorrectly\n assumes the size of a field. This could lead to the\n size-remaining variable wrapping and the data pointer\n going over the end of the buffer. This could possibly\n lead to memory corruption and possible privilege\n escalation.(CVE-2017-7482)\n\n - A flaw was found in the Linux Kernel where an attacker\n may be able to have an uncontrolled read to\n kernel-memory from within a vm guest. A race condition\n between connect() and close() function may allow an\n attacker using the AF_VSOCK protocol to gather a 4 byte\n information leak or possibly intercept or corrupt\n AF_VSOCK messages destined to other\n clients.(CVE-2018-14625)\n\n - drivers/net/usb/asix_devices.c in the Linux kernel\n through 4.13.11 allows local users to cause a denial of\n service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16647)\n\n - A memory leak in the ql_alloc_large_buffers() function\n in drivers/net/ethernet/qlogic/qla3xxx.c in the Linux\n kernel before 5.3.5 allows local users to cause a\n denial of service (memory consumption) by triggering\n pci_dma_mapping_error() failures, aka\n CID-1acb8f2a7a9f.(CVE-2019-18806)\n\n - An issue was discovered in the fd_locked_ioctl function\n in drivers/block/floppy.c in the Linux kernel through\n 4.15.7. The floppy driver will copy a kernel pointer to\n user memory in response to the FDGETPRM ioctl. An\n attacker can send the FDGETPRM ioctl and use the\n obtained kernel pointer to discover the location of\n kernel code and data and bypass kernel security\n protections such as KASLR.(CVE-2018-7755)\n\n - The usbvision driver in the Linux kernel package\n 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red\n Hat Enterprise Linux (RHEL) 7.1 allows physically\n proximate attackers to cause a denial of service\n (panic) via a nonzero bInterfaceNumber value in a USB\n device descriptor.(CVE-2015-7833)\n\n - A flaw that allowed an attacker to corrupt memory and\n possibly escalate privileges was found in the mwifiex\n kernel module while connecting to a malicious wireless\n network.(CVE-2019-3846)\n\n - drivers/net/wireless/marvell/libertas/if_sdio.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16232)\n\n - drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the\n Linux kernel 5.2.14 does not check the alloc_workqueue\n return value, leading to a NULL pointer\n dereference.(CVE-2019-16234)\n\n - drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14\n does not check the alloc_workqueue return value,\n leading to a NULL pointer dereference.(CVE-2019-16231)\n\n - Insufficient access control in the Intel(R)\n PROSet/Wireless WiFi Software driver before version\n 21.10 may allow an unauthenticated user to potentially\n enable denial of service via adjacent\n access.(CVE-2019-0136)\n\n - A flaw was found in the Linux kernel. A heap based\n buffer overflow in mwifiex_uap_parse_tail_ies function\n in drivers/net/wireless/marvell/mwifiex/ie.c might lead\n to memory corruption and possibly other\n consequences.(CVE-2019-10126)\n\n - The Bluetooth BR/EDR specification up to and including\n version 5.1 permits sufficiently low encryption key\n length and does not prevent an attacker from\n influencing the key length negotiation. This allows\n practical brute-force attacks (aka 'KNOB') that can\n decrypt traffic and inject arbitrary ciphertext without\n the victim noticing.(CVE-2019-9506)\n\n - An issue was discovered in net/wireless/nl80211.c in\n the Linux kernel through 5.2.17. It does not check the\n length of variable elements in a beacon head, leading\n to a buffer overflow.(CVE-2019-16746)\n\n - In the hidp_process_report in bluetooth, there is an\n integer overflow. This could lead to an out of bounds\n write with no additional execution privileges needed.\n User interaction is not needed for exploitation.\n Product: Android Versions: Android kernel Android ID:\n A-65853588 References: Upstream kernel.(CVE-2018-9363)\n\n - An issue was discovered in write_tpt_entry in\n drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel\n through 5.3.2. The cxgb4 driver is directly calling\n dma_map_single (a DMA function) from a stack variable.\n This could allow an attacker to trigger a Denial of\n Service, exploitable if this driver is used on an\n architecture for which this stack/DMA interaction has\n security relevance.(CVE-2019-17075)\n\n - rtl_p2p_noa_ie in\n drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux\n kernel through 5.3.6 lacks a certain upper-bound check,\n leading to a buffer overflow.(CVE-2019-17666)\n\n - arch/arm/mm/dma-mapping.c in the Linux kernel before\n 3.13 on ARM platforms, as used in Android before\n 2016-08-05 on Nexus 5 and 7 (2013) devices, does not\n prevent executable DMA mappings, which might allow\n local users to gain privileges via a crafted\n application, aka Android internal bug 28803642 and\n Qualcomm internal bug CR642735.(CVE-2014-9888)\n\n - An issue was discovered in drivers/i2c/i2c-core-smbus.c\n in the Linux kernel before 4.14.15. There is an out of\n bounds write in the function\n i2c_smbus_xfer_emulated.(CVE-2017-18551)\n\n - The rds_ib_xmit function in net/rds/ib_send.c in the\n Reliable Datagram Sockets (RDS) protocol implementation\n in the Linux kernel 3.7.4 and earlier allows local\n users to cause a denial of service (BUG_ON and kernel\n panic) by establishing an RDS connection with the\n source IP address equal to the IPoIB interface's own IP\n address, as demonstrated by rds-ping.(CVE-2012-2372)\n\n - In the Linux kernel through 5.3.2,\n cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c\n does not reject a long SSID IE, leading to a Buffer\n Overflow.(CVE-2019-17133)\n\n - A memory leak in the bfad_im_get_stats() function in\n drivers/scsi/bfa/bfad_attr.c in the Linux kernel\n through 5.3.11 allows attackers to cause a denial of\n service (memory consumption) by triggering\n bfa_port_get_stats() failures, aka\n CID-0e62395da2bd.(CVE-2019-19066)\n\n - The kernel in Android before 2016-08-05 on Nexus 7\n (2013) devices allows attackers to gain privileges via\n a crafted application, aka internal bug\n 28522518.(CVE-2016-3857)\n\n - arch/arm64/kernel/sys.c in the Linux kernel before 4.0\n allows local users to bypass the 'strict page\n permissions' protection mechanism and modify the\n system-call table, and consequently gain privileges, by\n leveraging write access.(CVE-2015-8967)\n\n - arch/arm64/kernel/perf_event.c in the Linux kernel\n before 4.1 on arm64 platforms allows local users to\n gain privileges or cause a denial of service (invalid\n pointer dereference) via vectors involving events that\n are mishandled during a span of multiple HW\n PMUs.(CVE-2015-8955)\n\n - The __clear_user function in\n arch/arm64/lib/clear_user.S in the Linux kernel before\n 3.17.4 on the ARM64 platform allows local users to\n cause a denial of service (system crash) by reading one\n byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - The x86/fpu (Floating Point Unit) subsystem in the\n Linux kernel before 4.13.5, when a processor supports\n the xsave feature but not the xsaves feature, does not\n correctly handle attempts to set reserved bits in the\n xstate header via the ptrace() or rt_sigreturn() system\n call, allowing local users to read the FPU registers of\n other processes on the system, related to\n arch/x86/kernel/fpu/regset.c and\n arch/x86/kernel/fpu/signal.c.(CVE-2017-15537)\n\n - The Linux kernel before 3.11 on ARM platforms, as used\n in Android before 2016-08-05 on Nexus 5 and 7 (2013)\n devices, does not properly consider user-space access\n to the TPIDRURW register, which allows local users to\n gain privileges via a crafted application, aka Android\n internal bug 28749743 and Qualcomm internal bug\n CR561044.(CVE-2014-9870)\n\n - ** DISPUTED ** Race condition in the\n store_int_with_restart() function in\n arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel\n through 4.15.7 allows local users to cause a denial of\n service (panic) by leveraging root access to write to\n the check_interval file in a\n /sys/devices/system/machinecheck/machinecheck\n directory. NOTE: a third party has indicated that this\n report is not security relevant.(CVE-2018-7995)\n\n - arch/x86/kernel/entry_32.S in the Linux kernel through\n 3.15.1 on 32-bit x86 platforms, when syscall auditing\n is enabled and the sep CPU feature flag is set, allows\n local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as\n demonstrated by number 1000.(CVE-2014-4508)\n\n - arch/x86/kernel/tls.c in the Thread Local Storage (TLS)\n implementation in the Linux kernel through 3.18.1\n allows local users to bypass the espfix protection\n mechanism, and consequently makes it easier for local\n users to bypass the ASLR protection mechanism, via a\n crafted application that makes a set_thread_area system\n call and later reads a 16-bit value.(CVE-2014-8133)\n\n - arch/mips/include/asm/thread_info.h in the Linux kernel\n before 3.14.8 on the MIPS platform does not configure\n _TIF_SECCOMP checks on the fast system-call path, which\n allows local users to bypass intended PR_SET_SECCOMP\n restrictions by executing a crafted application without\n invoking a trace or audit subsystem.(CVE-2014-4157)\n\n - Integer signedness error in the oz_hcd_get_desc_cnf\n function in drivers/staging/ozwpan/ozhcd.c in the\n OZWPAN driver in the Linux kernel through 4.0.5 allows\n remote attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted\n packet.(CVE-2015-4001)\n\n - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver\n in the Linux kernel through 4.0.5 does not ensure that\n certain length values are sufficiently large, which\n allows remote attackers to cause a denial of service\n (system crash or large loop) or possibly execute\n arbitrary code via a crafted packet, related to the (1)\n oz_usb_rx and (2) oz_usb_handle_ep_data\n functions.(CVE-2015-4002)\n\n - The oz_usb_handle_ep_data function in\n drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver\n in the Linux kernel through 4.0.5 allows remote\n attackers to cause a denial of service (divide-by-zero\n error and system crash) via a crafted\n packet.(CVE-2015-4003)\n\n - The OZWPAN driver in the Linux kernel through 4.0.5\n relies on an untrusted length field during packet\n parsing, which allows remote attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read and system crash)\n via a crafted packet.(CVE-2015-4004)\n\n - Race condition in the sclp_ctl_ioctl_sccb function in\n drivers/s390/char/sclp_ctl.c in the Linux kernel before\n 4.6 allows local users to obtain sensitive information\n from kernel memory by changing a certain length value,\n aka a 'double fetch' vulnerability.(CVE-2016-6130)\n\n - The print_binder_transaction_ilocked function in\n drivers/android/binder.c in the Linux kernel 4.14.90\n allows local users to obtain sensitive address\n information by reading '*from *code *flags' lines in a\n debugfs file.(CVE-2018-20510)\n\n - In the Linux kernel before 4.1.4, a buffer overflow\n occurs when checking userspace params in\n drivers/media/dvb-frontends/cx24116.c. The maximum size\n for a DiSEqC command is 6, according to the userspace\n API. However, the code allows larger values such as\n 23.(CVE-2015-9289)\n\n - The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux\n kernel through 4.11.5 allows local users to cause a\n denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a\n certain sequence-number value, aka a 'double fetch'\n vulnerability.(CVE-2017-8831)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2531\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2de1205c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-3857\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-17133\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h328.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h328.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T20:20:38", "description": "The openSUSE 13.1 kernel was updated to receive various security and bugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2016-0728: A reference leak in keyring handling with join_session_keyring() could lead to local attackers gain root privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel did not verify an address length, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the Linux kernel did not validate protocol identifiers for certain protocol families, which allowed local users to cause a denial of service (NULL function pointer dereference and system crash) or possibly gain privileges by leveraging CLONE_NEWUSER support to execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2014-8989: The Linux kernel did not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allowed local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the entry for the other category, aka a 'negative groups' issue, related to kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (bnc#906545).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI (bnc#937969).\n\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 did not ensure that certain slot numbers are valid, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel allowed local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key (bnc#912202).\n\n - CVE-2015-7990: Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937 (bnc#952384 953052).\n\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound (bnc#945825).\n\n - CVE-2015-7885: The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did not initialize a certain structure member, which allowed local users to obtain sensitive information from kernel memory via a crafted application (bnc#951627).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel did not validate attempted changes to the MTU value, which allowed context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user during a heartbeat timeout event after the 4-way handshake. Since sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the listening socket but released with the new association socket. The result is a deadlock on any future attempts to take the listening socket lock.\n (bsc#961509)\n\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to prevent information leak (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers could have lead to double fetch vulnerabilities, causing denial of service or arbitrary code execution (depending on the configuration) (bsc#957988).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n\n - Input: aiptek - fix crash on detecting device without endpoints (bnc#956708).\n\n - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).\n\n - KVM: x86: update masterclock values on TSC writes (bsc#961739).\n\n - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client (bsc#960839).\n\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another task (bsc#921949).\n\n - blktap: also call blkif_disconnect() when frontend switched to closed (bsc#952976).\n\n - blktap: refine mm tracking (bsc#952976).\n\n - cdrom: Random writing support for BD-RE media (bnc#959568).\n\n - genksyms: Handle string literals with spaces in reference files (bsc#958510).\n\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n\n - ipv6: distinguish frag queues by device for multicast and link-local packets (bsc#955422).\n\n - ipv6: fix tunnel error handling (bsc#952579).\n\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n\n - uas: Add response iu handling (bnc#954138).\n\n - usbvision fix overflow of interfaces array (bnc#950998).\n\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).", "cvss3": {"score": 8.2, "vector": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H"}, "published": "2016-02-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-2568", "CVE-2014-8133", "CVE-2014-8989", "CVE-2014-9090", "CVE-2014-9419", "CVE-2014-9529", "CVE-2014-9683", "CVE-2014-9715", "CVE-2014-9728", "CVE-2014-9729", "CVE-2014-9730", "CVE-2014-9731", "CVE-2015-0272", "CVE-2015-0777", "CVE-2015-1420", "CVE-2015-1421", "CVE-2015-2041", "CVE-2015-2042", "CVE-2015-2150", "CVE-2015-2666", "CVE-2015-2830", "CVE-2015-2922", "CVE-2015-2925", "CVE-2015-3212", "CVE-2015-3339", "CVE-2015-3636", "CVE-2015-4001", "CVE-2015-4002", "CVE-2015-4003", "CVE-2015-4004", "CVE-2015-4036", "CVE-2015-4167", "CVE-2015-4692", "CVE-2015-4700", "CVE-2015-5157", "CVE-2015-5283", "CVE-2015-5307", "CVE-2015-5364", "CVE-2015-5366", "CVE-2015-5707", "CVE-2015-6937", "CVE-2015-7550", "CVE-2015-7799", "CVE-2015-7833", "CVE-2015-7872", "CVE-2015-7885", "CVE-2015-7990", "CVE-2015-8104", "CVE-2015-8215", "CVE-2015-8543", "CVE-2015-8550", "CVE-2015-8551", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-8575", "CVE-2015-8767", "CVE-2016-0728"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:cloop", "p-cpe:/a:novell:opensuse:cloop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-debugsource", "p-cpe:/a:novell:opensuse:cloop-kmp-default", "p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop", "p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-pae", "p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:cloop-kmp-xen", "p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:crash", "p-cpe:/a:novell:opensuse:crash-debuginfo", "p-cpe:/a:novell:opensuse:crash-debugsource", "p-cpe:/a:novell:opensuse:crash-devel", "p-cpe:/a:novell:opensuse:crash-eppic", "p-cpe:/a:novell:opensuse:crash-eppic-debuginfo", "p-cpe:/a:novell:opensuse:crash-gcore", "p-cpe:/a:novell:opensuse:crash-gcore-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-default", "p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-desktop", "p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-pae", "p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:crash-kmp-xen", "p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-debugsource", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default", "p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop", "p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae", "p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen", "p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:ipset", "p-cpe:/a:novell:opensuse:ipset-debuginfo", "p-cpe:/a:novell:opensuse:ipset-debugsource", "p-cpe:/a:novell:opensuse:ipset-devel", "p-cpe:/a:novell:opensuse:ipset-kmp-default", "p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop", "p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-pae", "p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:ipset-kmp-xen", "p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget", "p-cpe:/a:novell:opensuse:iscsitarget-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-debugsource", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen", "p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop", "p-cpe:/a:novell:opensuse:kernel-desktop-base", "p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo", "p-cpe:/a:novell:opensuse:kernel-desktop-debugsource", "p-cpe:/a:novell:opensuse:kernel-desktop-devel", "p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-ec2", "p-cpe:/a:novell:opensuse:kernel-ec2-base", "p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo", "p-cpe:/a:novell:opensuse:kernel-ec2-debugsource", "p-cpe:/a:novell:opensuse:kernel-ec2-devel", "p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae", "p-cpe:/a:novell:opensuse:kernel-pae-base", "p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debuginfo", "p-cpe:/a:novell:opensuse:kernel-pae-debugsource", "p-cpe:/a:novell:opensuse:kernel-pae-devel", "p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-trace", "p-cpe:/a:novell:opensuse:kernel-trace-base", "p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debuginfo", "p-cpe:/a:novell:opensuse:kernel-trace-debugsource", "p-cpe:/a:novell:opensuse:kernel-trace-devel", "p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen", "p-cpe:/a:novell:opensuse:kernel-xen-base", "p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debuginfo", "p-cpe:/a:novell:opensuse:kernel-xen-debugsource", "p-cpe:/a:novell:opensuse:kernel-xen-devel", "p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo", "p-cpe:/a:novell:opensuse:libipset3", "p-cpe:/a:novell:opensuse:libipset3-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper", "p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-debugsource", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae", "p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock", "p-cpe:/a:novell:opensuse:pcfclock-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-debugsource", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default", "p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop", "p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae", "p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:python-virtualbox", "p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-debugsource", "p-cpe:/a:novell:opensuse:vhba-kmp-default", "p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop", "p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-pae", "p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:vhba-kmp-xen", "p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox", "p-cpe:/a:novell:opensuse:virtualbox-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-debugsource", "p-cpe:/a:novell:opensuse:virtualbox-devel", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools", "p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11", "p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae", "p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-host-source", "p-cpe:/a:novell:opensuse:virtualbox-qt", "p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo", "p-cpe:/a:novell:opensuse:virtualbox-websrv", "p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo", "p-cpe:/a:novell:opensuse:xen", "p-cpe:/a:novell:opensuse:xen-debugsource", "p-cpe:/a:novell:opensuse:xen-devel", "p-cpe:/a:novell:opensuse:xen-doc-html", "p-cpe:/a:novell:opensuse:xen-kmp-default", "p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-desktop", "p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xen-kmp-pae", "p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs", "p-cpe:/a:novell:opensuse:xen-libs-32bit", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo", "p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit", "p-cpe:/a:novell:opensuse:xen-tools", "p-cpe:/a:novell:opensuse:xen-tools-debuginfo", "p-cpe:/a:novell:opensuse:xen-tools-domU", "p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo", "p-cpe:/a:novell:opensuse:xen-xend-tools", "p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons", "p-cpe:/a:novell:opensuse:xtables-addons-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-debugsource", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen", "p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2016-124.NASL", "href": "https://www.tenable.com/plugins/nessus/88545", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-124.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(88545);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-2568\", \"CVE-2014-8133\", \"CVE-2014-8989\", \"CVE-2014-9090\", \"CVE-2014-9419\", \"CVE-2014-9529\", \"CVE-2014-9683\", \"CVE-2014-9715\", \"CVE-2014-9728\", \"CVE-2014-9729\", \"CVE-2014-9730\", \"CVE-2014-9731\", \"CVE-2015-0272\", \"CVE-2015-0777\", \"CVE-2015-1420\", \"CVE-2015-1421\", \"CVE-2015-2041\", \"CVE-2015-2042\", \"CVE-2015-2150\", \"CVE-2015-2666\", \"CVE-2015-2830\", \"CVE-2015-2922\", \"CVE-2015-2925\", \"CVE-2015-3212\", \"CVE-2015-3339\", \"CVE-2015-3636\", \"CVE-2015-4001\", \"CVE-2015-4002\", \"CVE-2015-4003\", \"CVE-2015-4004\", \"CVE-2015-4036\", \"CVE-2015-4167\", \"CVE-2015-4692\", \"CVE-2015-4700\", \"CVE-2015-5157\", \"CVE-2015-5283\", \"CVE-2015-5307\", \"CVE-2015-5364\", \"CVE-2015-5366\", \"CVE-2015-5707\", \"CVE-2015-6937\", \"CVE-2015-7550\", \"CVE-2015-7799\", \"CVE-2015-7833\", \"CVE-2015-7872\", \"CVE-2015-7885\", \"CVE-2015-7990\", \"CVE-2015-8104\", \"CVE-2015-8215\", \"CVE-2015-8543\", \"CVE-2015-8550\", \"CVE-2015-8551\", \"CVE-2015-8552\", \"CVE-2015-8569\", \"CVE-2015-8575\", \"CVE-2015-8767\", \"CVE-2016-0728\");\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2016-124)\");\n script_summary(english:\"Check for the openSUSE-2016-124 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The openSUSE 13.1 kernel was updated to receive various security and\nbugfixes.\n\nFollowing security bugs were fixed :\n\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers\n gain root privileges. (bsc#962075).\n\n - CVE-2015-7550: A local user could have triggered a race\n between read and revoke in keyctl (bnc#958951).\n\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect\n functions in drivers/net/ppp/pptp.c in the Linux kernel\n did not verify an address length, which allowed local\n users to obtain sensitive information from kernel memory\n and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n\n - CVE-2015-8543: The networking implementation in the\n Linux kernel did not validate protocol identifiers for\n certain protocol families, which allowed local users to\n cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain\n privileges by leveraging CLONE_NEWUSER support to\n execute a crafted SOCK_RAW application (bnc#958886).\n\n - CVE-2014-8989: The Linux kernel did not properly\n restrict dropping of supplemental group memberships in\n certain namespace scenarios, which allowed local users\n to bypass intended file permissions by leveraging a\n POSIX ACL containing an entry for the group category\n that is more restrictive than the entry for the other\n category, aka a 'negative groups' issue, related to\n kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c (bnc#906545).\n\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux\n kernel on the x86_64 platform mishandles IRET faults in\n processing NMIs that occurred during userspace\n execution, which might allow local users to gain\n privileges by triggering an NMI (bnc#937969).\n\n - CVE-2015-7799: The slhc_init function in\n drivers/net/slip/slhc.c in the Linux kernel through\n 4.2.3 did not ensure that certain slot numbers are\n valid, which allowed local users to cause a denial of\n service (NULL pointer dereference and system crash) via\n a crafted PPPIOCSMAXCID ioctl call (bnc#949936).\n\n - CVE-2015-8104: The KVM subsystem in the Linux kernel\n through 4.2.6, and Xen 4.3.x through 4.6.x, allowed\n guest OS users to cause a denial of service (host OS\n panic or hang) by triggering many #DB (aka Debug)\n exceptions, related to svm.c (bnc#954404).\n\n - CVE-2015-5307: The KVM subsystem in the Linux kernel\n through 4.2.6, and Xen 4.3.x through 4.6.x, allowed\n guest OS users to cause a denial of service (host OS\n panic or hang) by triggering many #AC (aka Alignment\n Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n\n - CVE-2014-9529: Race condition in the key_gc_unused_keys\n function in security/keys/gc.c in the Linux kernel\n allowed local users to cause a denial of service (memory\n corruption or panic) or possibly have unspecified other\n impact via keyctl commands that trigger access to a key\n structure member during garbage collection of a key\n (bnc#912202).\n\n - CVE-2015-7990: Race condition in the rds_sendmsg\n function in net/rds/sendmsg.c in the Linux kernel\n allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound. NOTE: this vulnerability exists because\n of an incomplete fix for CVE-2015-6937 (bnc#952384\n 953052).\n\n - CVE-2015-6937: The __rds_conn_create function in\n net/rds/connection.c in the Linux kernel allowed local\n users to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact by using a socket that was not\n properly bound (bnc#945825).\n\n - CVE-2015-7885: The dgnc_mgmt_ioctl function in\n drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel\n through 4.3.3 did not initialize a certain structure\n member, which allowed local users to obtain sensitive\n information from kernel memory via a crafted application\n (bnc#951627).\n\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in\n the Linux kernel did not validate attempted changes to\n the MTU value, which allowed context-dependent attackers\n to cause a denial of service (packet loss) via a value\n that is (1) smaller than the minimum compliant value or\n (2) larger than the MTU of an interface, as demonstrated\n by a Router Advertisement (RA) message that is not\n validated by a daemon, a different vulnerability than\n CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is\n limited to the NetworkManager product (bnc#955354).\n\n - CVE-2015-8767: A case can occur when sctp_accept() is\n called by the user during a heartbeat timeout event\n after the 4-way handshake. Since sctp_assoc_migrate()\n changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be\n taken with the listening socket but released with the\n new association socket. The result is a deadlock on any\n future attempts to take the listening socket lock.\n (bsc#961509)\n\n - CVE-2015-8575: Validate socket address length in\n sco_sock_bind() to prevent information leak\n (bsc#959399).\n\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has\n MSI(X) enabled (bsc#957990).\n\n - CVE-2015-8550: Compiler optimizations in the XEN PV\n backend drivers could have lead to double fetch\n vulnerabilities, causing denial of service or arbitrary\n code execution (depending on the configuration)\n (bsc#957988).\n\nThe following non-security bugs were fixed :\n\n - ALSA: hda - Disable 64bit address for Creative HDA\n controllers (bnc#814440).\n\n - ALSA: hda - Fix noise problems on Thinkpad T440s\n (boo#958504).\n\n - Input: aiptek - fix crash on detecting device without\n endpoints (bnc#956708).\n\n - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y\n (boo#956934).\n\n - KVM: x86: update masterclock values on TSC writes\n (bsc#961739).\n\n - NFS: Fix a NULL pointer dereference of migration\n recovery ops for v4.2 client (bsc#960839).\n\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to\n prlimit another task (bsc#921949).\n\n - blktap: also call blkif_disconnect() when frontend\n switched to closed (bsc#952976).\n\n - blktap: refine mm tracking (bsc#952976).\n\n - cdrom: Random writing support for BD-RE media\n (bnc#959568).\n\n - genksyms: Handle string literals with spaces in\n reference files (bsc#958510).\n\n - ipv4: Do not increase PMTU with Datagram Too Big message\n (bsc#955224).\n\n - ipv6: distinguish frag queues by device for multicast\n and link-local packets (bsc#955422).\n\n - ipv6: fix tunnel error handling (bsc#952579).\n\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n\n - uas: Add response iu handling (bnc#954138).\n\n - usbvision fix overflow of interfaces array (bnc#950998).\n\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n\n - xen/pciback: Do not allow MSI-X ops if\n PCI_COMMAND_MEMORY is not set (bsc#957990 XSA-157).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=814440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=851610\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=869564\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=873385\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=906545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=907818\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909077\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=909477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=911326\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=912202\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915517\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=915577\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917830\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=918333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919463\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=919596\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=921313\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=921949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=922944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=926238\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=926240\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=927786\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=928130\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=929525\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=930399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=931988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=932348\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933904\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933907\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=933934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=935705\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936502\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=936831\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937033\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=937969\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=938706\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=940338\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=944296\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=945825\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=947155\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=949936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=950998\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951194\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=951627\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952384\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=952976\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=953527\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954138\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=954404\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955224\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955354\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=955422\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956708\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=956934\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957988\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=957990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958510\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=958951\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959190\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959399\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=959568\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=960839\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=961739\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=962075\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected the Linux Kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:cloop-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-eppic-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-gcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:crash-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:hdjmod-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ipset-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:iscsitarget-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-desktop-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-ec2-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-pae-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-trace-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-xen-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libipset3-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ndiswrapper-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:pcfclock-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:vhba-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-guest-x11-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-host-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-qt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:virtualbox-websrv-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-libs-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-tools-domU-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xen-xend-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-desktop-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-pae-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:xtables-addons-kmp-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/02/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-2.639-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debuginfo-2.639-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-debugsource-2.639-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-default-debuginfo-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-desktop-debuginfo-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-pae-debuginfo-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"cloop-kmp-xen-debuginfo-2.639_k3.11.10_34-11.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debuginfo-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-debugsource-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-devel-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-eppic-debuginfo-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-gcore-debuginfo-7.0.2-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-default-debuginfo-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-desktop-debuginfo-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-pae-debuginfo-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"crash-kmp-xen-debuginfo-7.0.2_k3.11.10_34-2.23.7\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-debugsource-1.28-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-default-debuginfo-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-desktop-debuginfo-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-pae-debuginfo-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"hdjmod-kmp-xen-debuginfo-1.28_k3.11.10_34-16.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-6.21.1-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debuginfo-6.21.1-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-debugsource-6.21.1-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-devel-6.21.1-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-default-debuginfo-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-desktop-debuginfo-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-pae-debuginfo-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ipset-kmp-xen-debuginfo-6.21.1_k3.11.10_34-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-1.4.20.3-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debuginfo-1.4.20.3-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-debugsource-1.4.20.3-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-default-debuginfo-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-desktop-debuginfo-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-pae-debuginfo-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"iscsitarget-kmp-xen-debuginfo-1.4.20.3_k3.11.10_34-13.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-default-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-devel-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-source-vanilla-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"kernel-syms-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-6.21.1-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"libipset3-debuginfo-6.21.1-2.27.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-1.58-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debuginfo-1.58-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-debugsource-1.58-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-1.58_k3.11.10_34-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-default-debuginfo-1.58_k3.11.10_34-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-1.58_k3.11.10_34-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-desktop-debuginfo-1.58_k3.11.10_34-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-1.58_k3.11.10_34-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"ndiswrapper-kmp-pae-debuginfo-1.58_k3.11.10_34-23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-0.44-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debuginfo-0.44-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-debugsource-0.44-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-0.44_k3.11.10_34-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-default-debuginfo-0.44_k3.11.10_34-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-0.44_k3.11.10_34-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-desktop-debuginfo-0.44_k3.11.10_34-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-0.44_k3.11.10_34-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"pcfclock-kmp-pae-debuginfo-0.44_k3.11.10_34-258.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"python-virtualbox-debuginfo-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-debugsource-20130607-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-default-debuginfo-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-desktop-debuginfo-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-pae-debuginfo-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"vhba-kmp-xen-debuginfo-20130607_k3.11.10_34-2.24.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debuginfo-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-debugsource-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-devel-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-default-debuginfo-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-desktop-debuginfo-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-kmp-pae-debuginfo-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-tools-debuginfo-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-guest-x11-debuginfo-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-default-debuginfo-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-desktop-debuginfo-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-kmp-pae-debuginfo-4.2.36_k3.11.10_34-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-host-source-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-qt-debuginfo-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"virtualbox-websrv-debuginfo-4.2.36-2.56.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-debugsource-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-devel-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-4.3.4_10_k3.11.10_34-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-default-debuginfo-4.3.4_10_k3.11.10_34-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-4.3.4_10_k3.11.10_34-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-desktop-debuginfo-4.3.4_10_k3.11.10_34-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-4.3.4_10_k3.11.10_34-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-kmp-pae-debuginfo-4.3.4_10_k3.11.10_34-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-libs-debuginfo-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xen-tools-domU-debuginfo-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-2.3-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debuginfo-2.3-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-debugsource-2.3-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-default-debuginfo-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-desktop-debuginfo-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-pae-debuginfo-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"xtables-addons-kmp-xen-debuginfo-2.3_k3.11.10_34-2.23.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-debug-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-base-debuginfo-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debuginfo-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-debugsource-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-pae-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-trace-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"i686\", reference:\"kernel-xen-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-debug-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-desktop-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-base-debuginfo-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debuginfo-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-debugsource-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-debuginfo-3.11.10-34.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-pae-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-trace-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-vanilla-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-debuginfo-3.11.10-34.2\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-doc-html-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-32bit-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-libs-debuginfo-32bit-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-tools-debuginfo-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-4.3.4_10-57.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", cpu:\"x86_64\", reference:\"xen-xend-tools-debuginfo-4.3.4_10-57.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloop / cloop-debuginfo / cloop-debugsource / cloop-kmp-default / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cloudfoundry": [{"lastseen": "2019-05-29T18:32:53", "description": "USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities\n\n# \n\nHigh\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 14.04 LTS \n\n# Description\n\nJustin Yackoski discovered that the Atheros L2 Ethernet Driver in the Linux kernel incorrectly enables scatter/gather I/O. A remote attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-2117](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2117.html>))\n\nJann Horn discovered that eCryptfs improperly attempted to use the mmap() handler of a lower filesystem that did not implement one, causing a recursive page fault to occur. A local unprivileged attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. ([CVE-2016-1583](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1583.html>))\n\nJason A. Donenfeld discovered multiple out-of-bounds reads in the OZMO USB over wifi device drivers in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or obtain potentially sensitive information from kernel memory. ([CVE-2015-4004](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-4004.html>))\n\nRalf Spenneberg discovered that the Linux kernel\u2019s GTCO digitizer USB device driver did not properly validate endpoint descriptors. An attacker with physical access could use this to cause a denial of service (system crash). ([CVE-2016-2187](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2187.html>))\n\nHector Marco and Ismael Ripoll discovered that the Linux kernel would improperly disable Address Space Layout Randomization (ASLR) for x86 processes running in 32 bit mode if stack-consumption resource limits were disabled. A local attacker could use this to make it easier to exploit an existing vulnerability in a setuid/setgid program. ([CVE-2016-3672](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3672.html>))\n\nAndrey Konovalov discovered that the CDC Network Control Model USB driver in the Linux kernel did not cancel work events queued if a later error occurred, resulting in a use-after-free. An attacker with physical access could use this to cause a denial of service (system crash). ([CVE-2016-3951](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3951.html>))\n\nIt was discovered that an out-of-bounds write could occur when handling incoming packets in the USB/IP implementation in the Linux kernel. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. ([CVE-2016-3955](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3955.html>))\n\nVitaly Kuznetsov discovered that the Linux kernel did not properly suppress hugetlbfs support in X86 paravirtualized guests. An attacker in the guest OS could cause a denial of service (guest system crash). ([CVE-2016-3961](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3961.html>))\n\nKangjie Lu discovered an information leak in the ANSI/IEEE 802.2 LLC type 2 Support implementations in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-4485](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4485.html>))\n\nKangjie Lu discovered an information leak in the routing netlink socket interface (rtnetlink) implementation in the Linux kernel. A local attacker could use this to obtain potentially sensitive information from kernel memory. ([CVE-2016-4486](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4486.html>))\n\nJann Horn discovered that the InfiniBand interfaces within the Linux kernel could be coerced into overwriting kernel memory. A local unprivileged attacker could use this to possibly gain administrative privileges on systems where InifiniBand related kernel modules are loaded. ([CVE-2016-4565](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4565.html>))\n\nIt was discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local unprivileged attacker could use this to cause a denial of service (system crash). ([CVE-2016-4581](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-4581.html>))\n\n# Affected Products and Versions\n\n_Severity is high unless otherwise noted. \n_\n\n * Cloud Foundry BOSH stemcells 3146.1 versions prior to 3146.15 AND other versions prior to 3232.7 are vulnerable \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry upgrade BOSH stemcell 3146.x versions to 3146.16 OR other versions to 3232.8\n\n# Credit\n\nJustin Yackoski, Jann Horn, Jason A. Donenfeld, Ralf Spenneberg, Hector Marco and Ismael Ripoll, Andrey Konovalov, Vitaly Kuznetsov, Kangjie Lu\n\n# References\n\n * <http://www.ubuntu.com/usn/usn-3001-1/>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-06-15T00:00:00", "type": "cloudfoundry", "title": "USN-3001-1 Linux kernel (Vivid HWE) vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2015-4004", "CVE-2016-2187", "CVE-2016-1583", "CVE-2016-3951", "CVE-2016-3955", "CVE-2016-4485", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-3672"], "modified": "2016-06-15T00:00:00", "id": "CFOUNDRY:6D0A7CF1EF35A1C96485B4FC10A51978", "href": "https://www.cloudfoundry.org/blog/usn-3001-1/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2021-06-08T18:42:28", "description": "The openSUSE 13.1 kernel was updated to receive various security and\n bugfixes.\n\n Following security bugs were fixed:\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. (bsc#962075).\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2014-8989: The Linux kernel did not properly restrict dropping\n of supplemental group memberships in certain namespace scenarios, which\n allowed local users to bypass intended file permissions by leveraging a\n POSIX ACL containing an entry for the group category that is more\n restrictive than the entry for the other category, aka a &quot;negative\n groups&quot; issue, related to kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c (bnc#906545).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandles IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel through 4.2.3 did not ensure that certain slot numbers are\n valid, which allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl\n call (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #DB (aka Debug)\n exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #AC (aka Alignment\n Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key (bnc#912202).\n - CVE-2015-7990: Race condition in the rds_sendmsg function in\n net/rds/sendmsg.c in the Linux kernel allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by using a socket that was not\n properly bound. NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-6937 (bnc#952384 953052).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-7885: The dgnc_mgmt_ioctl function in\n drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did\n not initialize a certain structure member, which allowed local users to\n obtain sensitive information from kernel memory via a crafted\n application (bnc#951627).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc-&gt;base.sk and assoc-&gt;ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. (bsc#961509)\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).\n - KVM: x86: update masterclock values on TSC writes (bsc#961739).\n - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2\n client (bsc#960839).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cdrom: Random writing support for BD-RE media (bnc#959568).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ipv6: fix tunnel error handling (bsc#952579).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - uas: Add response iu handling (bnc#954138).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n\n", "cvss3": {}, "published": "2016-02-01T16:11:19", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9715", "CVE-2015-8551", "CVE-2015-2830", "CVE-2015-4003", "CVE-2015-4692", "CVE-2015-2925", "CVE-2014-9529", "CVE-2015-8215", "CVE-2015-1420", "CVE-2014-9090", "CVE-2015-5364", "CVE-2015-4002", "CVE-2015-2922", "CVE-2015-7550", "CVE-2015-3339", "CVE-2014-2568", "CVE-2014-9728", "CVE-2014-8989", "CVE-2015-1421", "CVE-2014-9730", "CVE-2015-4004", "CVE-2015-5366", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-4001", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-7990", "CVE-2015-0777", "CVE-2014-9729", "CVE-2015-3636", "CVE-2015-7833", "CVE-2015-8767", "CVE-2015-3212", "CVE-2015-7799", "CVE-2014-9683", "CVE-2015-2150", "CVE-2015-5283", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-4167", "CVE-2015-8569", "CVE-2014-8133", "CVE-2015-2041", "CVE-2014-9419", "CVE-2015-0272", "CVE-2014-9731", "CVE-2015-5707", "CVE-2015-5157", "CVE-2015-7885", "CVE-2015-4036", "CVE-2015-2042", "CVE-2015-6937", "CVE-2015-8104", "CVE-2015-4700", "CVE-2015-2666"], "modified": "2016-02-01T16:11:19", "id": "OPENSUSE-SU-2016:0301-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00000.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}