In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.
{"ubuntucve": [{"lastseen": "2022-08-04T13:50:48", "description": "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible\nuse after free due to a race condition when a request has been previously\nfreed by blk_mq_complete_request. This could lead to local escalation of\nprivilege. Product: Android. Versions: Android kernel. Android ID:\nA-63083046.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-05T00:00:00", "type": "ubuntucve", "title": "CVE-2015-9016", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016"], "modified": "2018-04-05T00:00:00", "id": "UB:CVE-2015-9016", "href": "https://ubuntu.com/security/CVE-2015-9016", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T14:34:28", "description": "In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.0, "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-04-05T18:29:00", "type": "cve", "title": "CVE-2015-9016", "cwe": ["CWE-362", "CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016"], "modified": "2018-05-03T01:29:00", "cpe": ["cpe:/o:google:android:-"], "id": "CVE-2015-9016", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9016", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"]}], "androidsecurity": [{"lastseen": "2022-08-15T18:03:35", "description": "The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2018-02-05 or later address all of these issues. To learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705>). \n\nAndroid partners are notified of all issues at least a month before publication. Source code patches for these issues have been released to the Android Open Source Project (AOSP) repository and linked from this bulletin. This bulletin also includes links to patches outside of AOSP.\n\nThe most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed. \n\nWe have had no reports of active customer exploitation or abuse of these newly reported issues. Refer to the Android and Google Play Protect mitigations section for details on the Android security platform protections and Google Play Protect, which improve the security of the Android platform. \n\n**Note:** Information on the latest over-the-air update (OTA) and firmware images for Google devices is available in the February 2018 Pixel&hairsp;/&hairsp;Nexus Security Bulletin. \n\n## Android and Google service mitigations\n\nThis is a summary of the mitigations provided by the Android security platform and service protections such as [Google Play Protect](<https://www.android.com/play-protect>). These capabilities reduce the likelihood that security vulnerabilities could be successfully exploited on Android. \n\n * Exploitation for many issues on Android is made more difficult by enhancements in newer versions of the Android platform. We encourage all users to update to the latest version of Android where possible.\n * The Android security team actively monitors for abuse through [Google Play Protect](<https://www.android.com/play-protect>) and warns users about Potentially Harmful Applications. Google Play Protect is enabled by default on devices with [Google Mobile Services](<http://www.android.com/gms>), and is especially important for users who install apps from outside of Google Play.\n\n## 2018-02-01 security patch level\u2014Vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2018-02-01 patch level. Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. \n\n### Media framework\n\nThe most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2017-13228 | [ A-69478425](<https://android.googlesource.com/platform/external/libavc/+/04b68a0a51729b655bcd0f5ae5ec20645eeda946>) | RCE | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 \nCVE-2017-13231 | [ A-67962232](<https://android.googlesource.com/platform/hardware/interfaces/+/16a3cd0b0729bd53265897cf8c790013156e92ce>) | EoP | High | 8.0, 8.1 \nCVE-2017-13232 | [ A-68953950](<https://android.googlesource.com/platform/frameworks/av/+/6a5d1fc7cbccd85054e56542a633149622effa67>) | ID | High | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 \nCVE-2017-13230 | [ A-65483665](<https://android.googlesource.com/platform/external/libhevc/+/68e532d83a1b98f6b5e297d71b547ed93a68dfe3>) | DoS | High | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 \nRCE | Critical | 5.1.1, 6.0, 6.0.1 \nCVE-2017-13233 | [ A-62851602](<https://android.googlesource.com/platform/external/libhevc/+/a22314db4e0cfe11ef3e50dac6a13d52f7a595b3>) | DoS | High | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 \nCVE-2017-13234 | [ A-68159767](<https://android.googlesource.com/platform/external/sonivox/+/33f45caed3b60bf81790e9b76cf82c8e8d6ed902>) | DoS | High | 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 \n \n### System\n\nThe most severe vulnerability in this section could enable a local malicious application to execute commands normally limited to privileged processes.\n\nCVE | References | Type | Severity | Updated AOSP versions \n---|---|---|---|--- \nCVE-2017-13236 | [ A-68217699](<https://android.googlesource.com/platform/system/security/+/80592e62a6ae095041e95b811ad7066dd44d37f6>) [[2](<https://android.googlesource.com/platform/system/security/+/b49160023ee8f73ce0ac97f9f4604a34ebdecf76>)] | EoP | Moderate | 8.0, 8.1 \n \n## 2018-02-05 security patch level\u2014Vulnerability details\n\nIn the sections below, we provide details for each of the security vulnerabilities that apply to the 2018-02-05 patch level. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID. \n\n### HTC components\n\nThe most severe vulnerability in this section could enable a local malicious application to obtain unauthorized access to data.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-13238 | A-64610940* | ID | High | Bootloader \nCVE-2017-13247 | A-71486645* | EoP | Moderate | Bootloader \n \n### Kernel components\n\nThe most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-15265 | A-67900971 [ Upstream kernel](<https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/sound/?h=v4.4.103&id=23709ae9b61429502fcd4686e7a97333f3b3544a>) | EoP | High | ALSA \nCVE-2015-9016 | A-63083046 [ Upstream kernel](<https://github.com/torvalds/linux/commit/0048b4837affd153897ed1222283492070027aa9>) | EoP | High | Multi-queue block IO \nCVE-2017-13273 | A-65853158* | EoP | High | Kernel \n \n### NVIDIA components\n\nThe most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-6279 | A-65023166* N-CVE-2017-6279 | EoP | High | Media framework \nCVE-2017-6258 | A-38027496* N-CVE-2017-6258 | EoP | High | Media framework \n \n### Qualcomm components\n\nThe most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-15860 | A-68992416 [ QC-CR#2082544](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=71331327ac389bff7d5af2707c4325e5b7949013>) [[2](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a6afff2717791ceb281354833d4489123ae62605>)] | RCE | Critical | WLan \nCVE-2017-11041 | A-35269676* QC-CR#2053101 | EoP | High | Media framework \nCVE-2017-17767 | A-64750179* QC-CR#2115779 | EoP | High | Media framework \nCVE-2017-17765 | A-68992445 [ QC-CR#2115112](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=66e561b0c7fff54e8cacd87d2b7d9bb3eef4f13b>) | EoP | High | WLan \nCVE-2017-15862 | A-68992439 [ QC-CR#2114426](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=41ee23cd0972ef2ed47dd76eb7cd44a0268e4f9f>) | EoP | High | WLan \nCVE-2017-14884 | A-68992429 [ QC-CR#2113052](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0ce15ef4075719a82858b7324690be7011cab832>) | EoP | High | WLan \nCVE-2017-15829 | A-68992397 [ QC-CR#2097917](<https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=c1b60e554e158bfcf6932ed2c543c309236e0f79>) | EoP | High | Graphics_Linux \nCVE-2017-15820 | A-68992396 [ QC-CR#2093377](<https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7599c5b7d87248b4772d6c4b70ccb922704c8095>) | EoP | High | Graphics_Linux \nCVE-2017-17764 | A-68992443 [ QC-CR#2114789](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f451565c052a0322565225515f46be677c0d1b18>) | EoP | High | WLan \nCVE-2017-15861 | A-68992434 [ QC-CR#2114187](<https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=13e3a516935a0dd90a7bc39e51c30c1592c548b7>) | EoP | High | WLan \n \n### Qualcomm closed-source components\n\nThese vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm AMSS security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.\n\nCVE | References | Type | Severity | Component \n---|---|---|---|--- \nCVE-2017-14910 | A-62212114* | N/A | High | Closed-source component \n \n## Common questions and answers\n\nThis section answers common questions that may occur after reading this bulletin.\n\n**1\\. How do I determine if my device is updated to address these issues? **\n\nTo learn how to check a device's security patch level, see [Check and update your Android version](<https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices>).\n\n * Security patch levels of 2018-02-01 or later address all issues associated with the 2018-02-01 security patch level.\n * Security patch levels of 2018-02-05 or later address all issues associated with the 2018-02-05 security patch level and all previous patch levels.\n\nDevice manufacturers that include these updates should set the patch string level to: \n\n * [ro.build.version.security_patch]:[2018-02-01]\n * [ro.build.version.security_patch]:[2018-02-05]\n\n**2\\. Why does this bulletin have two security patch levels?**\n\nThis bulletin has two security patch levels so that Android partners have the flexibility to fix a subset of vulnerabilities that are similar across all Android devices more quickly. Android partners are encouraged to fix all issues in this bulletin and use the latest security patch level. \n\n * Devices that use the 2018-02-01 security patch level must include all issues associated with that security patch level, as well as fixes for all issues reported in previous security bulletins.\n * Devices that use the security patch level of 2018-02-05 or newer must include all applicable patches in this (and previous) security bulletins.\n\nPartners are encouraged to bundle the fixes for all issues they are addressing in a single update. \n\n**3\\. What do the entries in the _Type_ column mean?**\n\nEntries in the _Type_ column of the vulnerability details table reference the classification of the security vulnerability. \n\nAbbreviation | Definition \n---|--- \nRCE | Remote code execution \nEoP | Elevation of privilege \nID | Information disclosure \nDoS | Denial of service \nN/A | Classification not available \n \n**4\\. What do the entries in the _References_ column mean?**\n\nEntries under the _References_ column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs. \n\nPrefix | Reference \n---|--- \nA- | Android bug ID \nQC- | Qualcomm reference number \nM- | MediaTek reference number \nN- | NVIDIA reference number \nB- | Broadcom reference number \n \n**5\\. What does a * next to the Android bug ID in the _References_ column mean?**\n\nIssues that are not publicly available have a * next to the Android bug ID in the _References_ column. The update for that issue is generally contained in the latest binary drivers for Nexus devices available from the [Google Developer site](<https://developers.google.com/android/nexus/drivers>). \n\n**6\\. Why are security vulnerabilities split between this bulletin and device/partner security bulletins, such as the Pixel / Nexus bulletin?**\n\nSecurity vulnerabilities that are documented in this security bulletin are required in order to declare the latest security patch level on Android devices. Additional security vulnerabilities that are documented in the device/partner security bulletins are not required for declaring a security patch level. Android device and chipset manufacturers are encouraged to document the presence of other fixes on their devices through their own security websites, such as the [Samsung](<https://security.samsungmobile.com/securityUpdate.smsb>), [LGE](<https://lgsecurity.lge.com/security_updates.html>), or Pixel&hairsp;/&hairsp;Nexus security bulletins. \n\n## Versions\n\nVersion | Date | Notes \n---|---|--- \n1.0 | February 5, 2018 | Bulletin published. \n1.1 | February 7, 2018 | Bulletin revise to include AOSP links. \n1.2 | February 14, 2018 | Corrected CVE numbers for CVE-2017-13273, CVE-2017-15860, CVE-2017-15861 and CVE-2017-15862. \n1.3 | April 2, 2018 | Moved CVE-2017-15817 from the February Android Bulletin to the February Pixel Bulletin.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-02-05T00:00:00", "type": "androidsecurity", "title": "Android Security Bulletin\u2014February 2018", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-11041", "CVE-2017-13228", "CVE-2017-13230", "CVE-2017-13231", "CVE-2017-13232", "CVE-2017-13233", "CVE-2017-13234", "CVE-2017-13236", "CVE-2017-13238", "CVE-2017-13247", "CVE-2017-13273", "CVE-2017-14884", "CVE-2017-14910", "CVE-2017-15265", "CVE-2017-15817", "CVE-2017-15820", "CVE-2017-15829", "CVE-2017-15860", "CVE-2017-15861", "CVE-2017-15862", "CVE-2017-17764", "CVE-2017-17765", "CVE-2017-17767", "CVE-2017-6258", "CVE-2017-6279"], "modified": "2018-04-02T00:00:00", "id": "ANDROID:2018-02-01", "href": "https://source.android.com/docs/security/bulletin/2018-02-01", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2021-10-21T21:28:00", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the "noflush_merge" mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-05-01T17:12:02", "type": "debian", "title": "[SECURITY] [DSA 4187-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-0861", "CVE-2017-13166", "CVE-2017-13220", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-18232", "CVE-2017-18241", "CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1066", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2018-05-01T17:12:02", "id": "DEBIAN:DSA-4187-1:E8170", "href": "https://lists.debian.org/debian-security-announce/2018/msg00115.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-19T15:28:00", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4187-1 security@debian.org\nhttps://www.debian.org/security/ Ben Hutchings\nMay 01, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2015-9016 CVE-2017-0861 CVE-2017-5715 CVE-2017-5753\n CVE-2017-13166 CVE-2017-13220 CVE-2017-16526 CVE-2017-16911\n CVE-2017-16912 CVE-2017-16913 CVE-2017-16914 CVE-2017-18017\n CVE-2017-18203 CVE-2017-18216 CVE-2017-18232 CVE-2017-18241\n CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-5332\n CVE-2018-5333 CVE-2018-5750 CVE-2018-5803 CVE-2018-6927\n CVE-2018-7492 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757\n CVE-2018-7995 CVE-2018-8781 CVE-2018-8822 CVE-2018-1000004\n CVE-2018-1000199\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\n\n Ming Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null_blk, or virtio_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\n\n Robb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n\nCVE-2017-5715\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the "retpoline" compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\nCVE-2017-5753\n\n Multiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n This specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array_index_nospec() function.\n\n More use sites will be added over time.\n\nCVE-2017-13166\n\n A bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n\nCVE-2017-13220\n\n Al Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n\nCVE-2017-16526\n\n Andrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n\nCVE-2017-16911\n\n Secunia Research reported that the USB/IP vhci_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n\nCVE-2017-16912\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n\nCVE-2017-16913\n\n Secunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n\nCVE-2017-16914\n\n Secunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n\nCVE-2017-18017\n\n Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n\nCVE-2017-18203\n\n Hou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n\nCVE-2017-18216\n\n Alex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n\nCVE-2017-18232\n\n Jason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n\nCVE-2017-18241\n\n Yunlei He reported that the f2fs implementation does not properly\n initialise its state if the "noflush_merge" mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n\nCVE-2018-1066\n\n Dan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n\nCVE-2018-1068\n\n The syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP_NET_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\nCVE-2018-1092\n\n Wen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n\nCVE-2018-5332\n\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n\nCVE-2018-5333\n\n Mohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n\nCVE-2018-5750\n\n Wang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n\nCVE-2018-5803\n\n Alexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n\nCVE-2018-6927\n\n Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n\nCVE-2018-7492\n\n The syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n\nCVE-2018-7566\n\n Fan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n\nCVE-2018-7740\n\n Nic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n\nCVE-2018-7757\n\n Jason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n\nCVE-2018-7995\n\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n\nCVE-2018-8781\n\n Eyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n\nCVE-2018-8822\n\n Dr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n\nCVE-2018-1000004\n\n Luo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n\nCVE-2018-1000199\n\n Andy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\nhttps://security-tracker.debian.org/tracker/linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-01T17:12:02", "type": "debian", "title": "[SECURITY] [DSA 4187-1] linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-0861", "CVE-2017-13166", "CVE-2017-13220", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-18232", "CVE-2017-18241", "CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1066", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2018-05-01T17:12:02", "id": "DEBIAN:DSA-4187-1:481CA", "href": "https://lists.debian.org/debian-security-announce/2018/msg00115.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "osv": [{"lastseen": "2022-07-21T08:24:01", "description": "\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n\n* [CVE-2015-9016](https://security-tracker.debian.org/tracker/CVE-2015-9016)\nMing Lei reported a race condition in the multiqueue block layer\n (blk-mq). On a system with a driver using blk-mq (mtip32xx,\n null\\_blk, or virtio\\_blk), a local user might be able to use this\n for denial of service or possibly for privilege escalation.\n* [CVE-2017-0861](https://security-tracker.debian.org/tracker/CVE-2017-0861)\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\n PCM core. We believe this was not possible in practice.\n* [CVE-2017-5715](https://security-tracker.debian.org/tracker/CVE-2017-5715)\nMultiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n\nThis specific attack has been named Spectre variant 2 (branch\n target injection) and is mitigated for the x86 architecture (amd64\n and i386) by using the retpoline compiler feature which allows\n indirect branches to be isolated from speculative execution.\n* [CVE-2017-5753](https://security-tracker.debian.org/tracker/CVE-2017-5753)\nMultiple researchers have discovered a vulnerability in various\n processors supporting speculative execution, enabling an attacker\n controlling an unprivileged process to read memory from arbitrary\n addresses, including from the kernel and all other processes\n running on the system.\n\n\nThis specific attack has been named Spectre variant 1\n (bounds-check bypass) and is mitigated by identifying vulnerable\n code sections (array bounds checking followed by array access) and\n replacing the array access with the speculation-safe\n array\\_index\\_nospec() function.\n\n\nMore use sites will be added over time.\n* [CVE-2017-13166](https://security-tracker.debian.org/tracker/CVE-2017-13166)\nA bug in the 32-bit compatibility layer of the v4l2 ioctl handling\n code has been found. Memory protections ensuring user-provided\n buffers always point to userland memory were disabled, allowing\n destination addresses to be in kernel space. On a 64-bit kernel a\n local user with access to a suitable video device can exploit this\n to overwrite kernel memory, leading to privilege escalation.\n* [CVE-2017-13220](https://security-tracker.debian.org/tracker/CVE-2017-13220)\nAl Viro reported that the Bluetooth HIDP implementation could\n dereference a pointer before performing the necessary type check.\n A local user could use this to cause a denial of service.\n* [CVE-2017-16526](https://security-tracker.debian.org/tracker/CVE-2017-16526)\nAndrey Konovalov reported that the UWB subsystem may dereference\n an invalid pointer in an error case. A local user might be able\n to use this for denial of service.\n* [CVE-2017-16911](https://security-tracker.debian.org/tracker/CVE-2017-16911)\nSecunia Research reported that the USB/IP vhci\\_hcd driver exposed\n kernel heap addresses to local users. This information could aid the\n exploitation of other vulnerabilities.\n* [CVE-2017-16912](https://security-tracker.debian.org/tracker/CVE-2017-16912)\nSecunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to an out-of-bounds read. A remote user able to connect to the\n USB/IP server could use this for denial of service.\n* [CVE-2017-16913](https://security-tracker.debian.org/tracker/CVE-2017-16913)\nSecunia Research reported that the USB/IP stub driver failed to\n perform a range check on a received packet header field, leading\n to excessive memory allocation. A remote user able to connect to\n the USB/IP server could use this for denial of service.\n* [CVE-2017-16914](https://security-tracker.debian.org/tracker/CVE-2017-16914)\nSecunia Research reported that the USB/IP stub driver failed to\n check for an invalid combination of fields in a received packet,\n leading to a null pointer dereference. A remote user able to\n connect to the USB/IP server could use this for denial of service.\n* [CVE-2017-18017](https://security-tracker.debian.org/tracker/CVE-2017-18017)\nDenys Fedoryshchenko reported that the netfilter xt\\_TCPMSS module\n failed to validate TCP header lengths, potentially leading to a\n use-after-free. If this module is loaded, it could be used by a\n remote attacker for denial of service or possibly for code\n execution.\n* [CVE-2017-18203](https://security-tracker.debian.org/tracker/CVE-2017-18203)\nHou Tao reported that there was a race condition in creation and\n deletion of device-mapper (DM) devices. A local user could\n potentially use this for denial of service.\n* [CVE-2017-18216](https://security-tracker.debian.org/tracker/CVE-2017-18216)\nAlex Chen reported that the OCFS2 filesystem failed to hold a\n necessary lock during nodemanager sysfs file operations,\n potentially leading to a null pointer dereference. A local user\n could use this for denial of service.\n* [CVE-2017-18232](https://security-tracker.debian.org/tracker/CVE-2017-18232)\nJason Yan reported a race condition in the SAS (Serial-Attached\n SCSI) subsystem, between probing and destroying a port. This\n could lead to a deadlock. A physically present attacker could\n use this to cause a denial of service.\n* [CVE-2017-18241](https://security-tracker.debian.org/tracker/CVE-2017-18241)\nYunlei He reported that the f2fs implementation does not properly\n initialise its state if the noflush\\_merge mount option is used.\n A local user with access to a filesystem mounted with this option\n could use this to cause a denial of service.\n* [CVE-2018-1066](https://security-tracker.debian.org/tracker/CVE-2018-1066)\nDan Aloni reported to Red Hat that the CIFS client implementation\n would dereference a null pointer if the server sent an invalid\n response during NTLMSSP setup negotiation. This could be used\n by a malicious server for denial of service.\n* [CVE-2018-1068](https://security-tracker.debian.org/tracker/CVE-2018-1068)\nThe syzkaller tool found that the 32-bit compatibility layer of\n ebtables did not sufficiently validate offset values. On a 64-bit\n kernel, a local user with the CAP\\_NET\\_ADMIN capability (in any user\n namespace) could use this to overwrite kernel memory, possibly\n leading to privilege escalation. Debian disables unprivileged user\n namespaces by default.\n* [CVE-2018-1092](https://security-tracker.debian.org/tracker/CVE-2018-1092)\nWen Xu reported that a crafted ext4 filesystem image would\n trigger a null dereference when mounted. A local user able\n to mount arbitrary filesystems could use this for denial of\n service.\n* [CVE-2018-5332](https://security-tracker.debian.org/tracker/CVE-2018-5332)\nMohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an out-of-bounds\n write. A local attacker on a system with the rds module loaded\n could use this for denial of service or possibly for privilege\n escalation.\n* [CVE-2018-5333](https://security-tracker.debian.org/tracker/CVE-2018-5333)\nMohamed Ghannam reported that the RDS protocol did not properly\n handle an error case, leading to a null pointer dereference. A\n local attacker on a system with the rds module loaded could\n possibly use this for denial of service.\n* [CVE-2018-5750](https://security-tracker.debian.org/tracker/CVE-2018-5750)\nWang Qize reported that the ACPI sbshc driver logged a kernel heap\n address. This information could aid the exploitation of other\n vulnerabilities.\n* [CVE-2018-5803](https://security-tracker.debian.org/tracker/CVE-2018-5803)\nAlexey Kodanev reported that the SCTP protocol did not range-check\n the length of chunks to be created. A local or remote user could\n use this to cause a denial of service.\n* [CVE-2018-6927](https://security-tracker.debian.org/tracker/CVE-2018-6927)\nLi Jinyue reported that the FUTEX\\_REQUEUE operation on futexes did\n not check for negative parameter values, which might lead to a\n denial of service or other security impact.\n* [CVE-2018-7492](https://security-tracker.debian.org/tracker/CVE-2018-7492)\nThe syzkaller tool found that the RDS protocol was lacking a null\n pointer check. A local attacker on a system with the rds module\n loaded could use this for denial of service.\n* [CVE-2018-7566](https://security-tracker.debian.org/tracker/CVE-2018-7566)\nFan LongFei reported a race condition in the ALSA (sound)\n sequencer core, between write and ioctl operations. This could\n lead to an out-of-bounds access or use-after-free. A local user\n with access to a sequencer device could use this for denial of\n service or possibly for privilege escalation.\n* [CVE-2018-7740](https://security-tracker.debian.org/tracker/CVE-2018-7740)\nNic Losby reported that the hugetlbfs filesystem's mmap operation\n did not properly range-check the file offset. A local user with\n access to files on a hugetlbfs filesystem could use this to cause\n a denial of service.\n* [CVE-2018-7757](https://security-tracker.debian.org/tracker/CVE-2018-7757)\nJason Yan reported a memory leak in the SAS (Serial-Attached\n SCSI) subsystem. A local user on a system with SAS devices\n could use this to cause a denial of service.\n* [CVE-2018-7995](https://security-tracker.debian.org/tracker/CVE-2018-7995)\nSeunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to have\n any security impact.\n* [CVE-2018-8781](https://security-tracker.debian.org/tracker/CVE-2018-8781)\nEyal Itkin reported that the udl (DisplayLink) driver's mmap\n operation did not properly range-check the file offset. A local\n user with access to a udl framebuffer device could exploit this to\n overwrite kernel memory, leading to privilege escalation.\n* [CVE-2018-8822](https://security-tracker.debian.org/tracker/CVE-2018-8822)\nDr Silvio Cesare of InfoSect reported that the ncpfs client\n implementation did not validate reply lengths from the server. An\n ncpfs server could use this to cause a denial of service or\n remote code execution in the client.\n* [CVE-2018-1000004](https://security-tracker.debian.org/tracker/CVE-2018-1000004)\nLuo Quan reported a race condition in the ALSA (sound) sequencer\n core, between multiple ioctl operations. This could lead to a\n deadlock or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or possibly\n for privilege escalation.\n* [CVE-2018-1000199](https://security-tracker.debian.org/tracker/CVE-2018-1000199)\nAndy Lutomirski discovered that the ptrace subsystem did not\n sufficiently validate hardware breakpoint settings. Local users\n can use this to cause a denial of service, or possibly for\n privilege escalation, on x86 (amd64 and i386) and possibly other\n architectures.\n\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\n\nWe recommend that you upgrade your linux packages.\n\n\nFor the detailed security status of linux please refer to its security\ntracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/linux](https://security-tracker.debian.org/tracker/linux)\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-01T00:00:00", "type": "osv", "title": "linux - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "modified": "2022-07-21T05:49:50", "id": "OSV:DSA-4187-1", "href": "https://osv.dev/vulnerability/DSA-4187-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-07-04T18:56:48", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\nMing Lei reported a race condition in the multiqueue block layer\n(blk-mq). On a system with a driver using blk-mq (mtip32xx,\nnull_blk, or virtio_blk), a local user might be able to use this\nfor denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nDescription truncated. Please see the references for more information.", "cvss3": {}, "published": "2018-05-01T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4187-1 (linux - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8822", "CVE-2017-5753", "CVE-2017-16913", "CVE-2018-1000004", "CVE-2018-7566", "CVE-2018-5333", "CVE-2018-1066", "CVE-2017-0861", "CVE-2017-18203", "CVE-2017-16912", "CVE-2018-1000199", "CVE-2018-6927", "CVE-2018-7757", "CVE-2017-13166", "CVE-2018-8781", "CVE-2017-16526", "CVE-2017-5715", "CVE-2017-18232", "CVE-2017-18241", "CVE-2018-7740", "CVE-2017-16911", "CVE-2018-7492", "CVE-2018-5332", "CVE-2018-7995", "CVE-2018-5750", "CVE-2017-18216", "CVE-2018-1068", "CVE-2017-18017", "CVE-2017-13220", "CVE-2018-5803", "CVE-2018-1092", "CVE-2015-9016", "CVE-2017-16914"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704187", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704187", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4187-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704187\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2015-9016\", \"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-13220\", \"CVE-2017-16526\",\n \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-18017\",\n \"CVE-2017-18203\", \"CVE-2017-18216\", \"CVE-2017-18232\", \"CVE-2017-18241\", \"CVE-2017-5715\",\n \"CVE-2017-5753\", \"CVE-2018-1000004\", \"CVE-2018-1000199\", \"CVE-2018-1066\", \"CVE-2018-1068\",\n \"CVE-2018-1092\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-5803\",\n \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-7566\", \"CVE-2018-7740\", \"CVE-2018-7757\",\n \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_name(\"Debian Security Advisory DSA 4187-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-05-01 00:00:00 +0200 (Tue, 01 May 2018)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4187.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.56-1.\n\nWe recommend that you upgrade your linux packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/linux\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2015-9016\nMing Lei reported a race condition in the multiqueue block layer\n(blk-mq). On a system with a driver using blk-mq (mtip32xx,\nnull_blk, or virtio_blk), a local user might be able to use this\nfor denial of service or possibly for privilege escalation.\n\nCVE-2017-0861\nRobb Glasser reported a potential use-after-free in the ALSA (sound)\nPCM core. We believe this was not possible in practice.\n\nDescription truncated. Please see the references for more information.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.9-x86\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-mipsel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-5-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armel\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-armhf\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-i386\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-mips\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-ppc64el\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-all-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-common\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-headers-3.16.0-6-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-2e\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-2f\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-loongson-3\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-5-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-4kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-586\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-5kc-malta\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-686-pae-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-amd64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-arm64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-arm64-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-armmp-lpae\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-ixp4xx\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-kirkwood\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-octeon\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-orion5x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc-smp\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-powerpc64le\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-r4k-ip22\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-r5k-ip32\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-s390x\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-s390x-dbg\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-sb1-bcm91250a\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-image-3.16.0-6-versatile\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-5\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"linux-support-3.16.0-6\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-5-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"xen-linux-system-3.16.0-6-amd64\", ver:\"3.16.56-1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-11T14:45:57", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation.\n\n - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice.\n\n - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.\n\n This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution.\n\n - CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system.\n\n This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function.\n\n More use sites will be added over time.\n\n - CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation.\n\n - CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service.\n\n - CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service.\n\n - CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users.\n This information could aid the exploitation of other vulnerabilities.\n\n - CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service.\n\n - CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service.\n\n - CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a NULL pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service.\n\n - CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution.\n\n - CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service.\n\n - CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a NULL pointer dereference. A local user could use this for denial of service.\n\n - CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. A physically present attacker could use this to cause a denial of service.\n\n - CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the 'noflush_merge' mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service.\n\n - CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a NULL pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service.\n\n - CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default.\n\n - CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service.\n\n - CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation.\n\n - CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a NULL pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service.\n\n - CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities.\n\n - CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service.\n\n - CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact.\n\n - CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service.\n\n - CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation.\n\n - CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset.\n A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service.\n\n - CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service.\n\n - CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact.\n\n - CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation.\n\n - CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client.\n\n - CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation.\n\n - CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings.\n Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-05-02T00:00:00", "type": "nessus", "title": "Debian DSA-4187-1 : linux - security update (Spectre)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-9016", "CVE-2017-0861", "CVE-2017-13166", "CVE-2017-13220", "CVE-2017-16526", "CVE-2017-16911", "CVE-2017-16912", "CVE-2017-16913", "CVE-2017-16914", "CVE-2017-18017", "CVE-2017-18203", "CVE-2017-18216", "CVE-2017-18232", "CVE-2017-18241", "CVE-2017-5715", "CVE-2017-5753", "CVE-2018-1000004", "CVE-2018-1000199", "CVE-2018-1066", "CVE-2018-1068", "CVE-2018-1092", "CVE-2018-5332", "CVE-2018-5333", "CVE-2018-5750", "CVE-2018-5803", "CVE-2018-6927", "CVE-2018-7492", "CVE-2018-7566", "CVE-2018-7740", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-8781", "CVE-2018-8822"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-4187.NASL", "href": "https://www.tenable.com/plugins/nessus/109517", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4187. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(109517);\n script_version(\"1.9\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2015-9016\", \"CVE-2017-0861\", \"CVE-2017-13166\", \"CVE-2017-13220\", \"CVE-2017-16526\", \"CVE-2017-16911\", \"CVE-2017-16912\", \"CVE-2017-16913\", \"CVE-2017-16914\", \"CVE-2017-18017\", \"CVE-2017-18203\", \"CVE-2017-18216\", \"CVE-2017-18232\", \"CVE-2017-18241\", \"CVE-2017-5715\", \"CVE-2017-5753\", \"CVE-2018-1000004\", \"CVE-2018-1000199\", \"CVE-2018-1066\", \"CVE-2018-1068\", \"CVE-2018-1092\", \"CVE-2018-5332\", \"CVE-2018-5333\", \"CVE-2018-5750\", \"CVE-2018-5803\", \"CVE-2018-6927\", \"CVE-2018-7492\", \"CVE-2018-7566\", \"CVE-2018-7740\", \"CVE-2018-7757\", \"CVE-2018-7995\", \"CVE-2018-8781\", \"CVE-2018-8822\");\n script_xref(name:\"DSA\", value:\"4187\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"Debian DSA-4187-1 : linux - security update (Spectre)\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\n - CVE-2015-9016\n Ming Lei reported a race condition in the multiqueue\n block layer (blk-mq). On a system with a driver using\n blk-mq (mtip32xx, null_blk, or virtio_blk), a local user\n might be able to use this for denial of service or\n possibly for privilege escalation.\n\n - CVE-2017-0861\n Robb Glasser reported a potential use-after-free in the\n ALSA (sound) PCM core. We believe this was not possible\n in practice.\n\n - CVE-2017-5715\n Multiple researchers have discovered a vulnerability in\n various processors supporting speculative execution,\n enabling an attacker controlling an unprivileged process\n to read memory from arbitrary addresses, including from\n the kernel and all other processes running on the\n system.\n\n This specific attack has been named Spectre variant 2 (branch target\n injection) and is mitigated for the x86 architecture (amd64 and\n i386) by using the 'retpoline' compiler feature which allows\n indirect branches to be isolated from speculative execution.\n\n - CVE-2017-5753\n Multiple researchers have discovered a vulnerability in\n various processors supporting speculative execution,\n enabling an attacker controlling an unprivileged process\n to read memory from arbitrary addresses, including from\n the kernel and all other processes running on the\n system.\n\n This specific attack has been named Spectre variant 1 (bounds-check\n bypass) and is mitigated by identifying vulnerable code sections\n (array bounds checking followed by array access) and replacing the\n array access with the speculation-safe array_index_nospec()\n function.\n\n More use sites will be added over time.\n\n - CVE-2017-13166\n A bug in the 32-bit compatibility layer of the v4l2\n ioctl handling code has been found. Memory protections\n ensuring user-provided buffers always point to userland\n memory were disabled, allowing destination addresses to\n be in kernel space. On a 64-bit kernel a local user with\n access to a suitable video device can exploit this to\n overwrite kernel memory, leading to privilege\n escalation.\n\n - CVE-2017-13220\n Al Viro reported that the Bluetooth HIDP implementation\n could dereference a pointer before performing the\n necessary type check. A local user could use this to\n cause a denial of service.\n\n - CVE-2017-16526\n Andrey Konovalov reported that the UWB subsystem may\n dereference an invalid pointer in an error case. A local\n user might be able to use this for denial of service.\n\n - CVE-2017-16911\n Secunia Research reported that the USB/IP vhci_hcd\n driver exposed kernel heap addresses to local users.\n This information could aid the exploitation of other\n vulnerabilities.\n\n - CVE-2017-16912\n Secunia Research reported that the USB/IP stub driver\n failed to perform a range check on a received packet\n header field, leading to an out-of-bounds read. A remote\n user able to connect to the USB/IP server could use this\n for denial of service.\n\n - CVE-2017-16913\n Secunia Research reported that the USB/IP stub driver\n failed to perform a range check on a received packet\n header field, leading to excessive memory allocation. A\n remote user able to connect to the USB/IP server could\n use this for denial of service.\n\n - CVE-2017-16914\n Secunia Research reported that the USB/IP stub driver\n failed to check for an invalid combination of fields in\n a received packet, leading to a NULL pointer\n dereference. A remote user able to connect to the USB/IP\n server could use this for denial of service.\n\n - CVE-2017-18017\n Denys Fedoryshchenko reported that the netfilter\n xt_TCPMSS module failed to validate TCP header lengths,\n potentially leading to a use-after-free. If this module\n is loaded, it could be used by a remote attacker for\n denial of service or possibly for code execution.\n\n - CVE-2017-18203\n Hou Tao reported that there was a race condition in\n creation and deletion of device-mapper (DM) devices. A\n local user could potentially use this for denial of\n service.\n\n - CVE-2017-18216\n Alex Chen reported that the OCFS2 filesystem failed to\n hold a necessary lock during nodemanager sysfs file\n operations, potentially leading to a NULL pointer\n dereference. A local user could use this for denial of\n service.\n\n - CVE-2017-18232\n Jason Yan reported a race condition in the SAS\n (Serial-Attached SCSI) subsystem, between probing and\n destroying a port. This could lead to a deadlock. A\n physically present attacker could use this to cause a\n denial of service.\n\n - CVE-2017-18241\n Yunlei He reported that the f2fs implementation does not\n properly initialise its state if the 'noflush_merge'\n mount option is used. A local user with access to a\n filesystem mounted with this option could use this to\n cause a denial of service.\n\n - CVE-2018-1066\n Dan Aloni reported to Red Hat that the CIFS client\n implementation would dereference a NULL pointer if the\n server sent an invalid response during NTLMSSP setup\n negotiation. This could be used by a malicious server\n for denial of service.\n\n - CVE-2018-1068\n The syzkaller tool found that the 32-bit compatibility\n layer of ebtables did not sufficiently validate offset\n values. On a 64-bit kernel, a local user with the\n CAP_NET_ADMIN capability (in any user namespace) could\n use this to overwrite kernel memory, possibly leading to\n privilege escalation. Debian disables unprivileged user\n namespaces by default.\n\n - CVE-2018-1092\n Wen Xu reported that a crafted ext4 filesystem image\n would trigger a null dereference when mounted. A local\n user able to mount arbitrary filesystems could use this\n for denial of service.\n\n - CVE-2018-5332\n Mohamed Ghannam reported that the RDS protocol did not\n sufficiently validate RDMA requests, leading to an\n out-of-bounds write. A local attacker on a system with\n the rds module loaded could use this for denial of\n service or possibly for privilege escalation.\n\n - CVE-2018-5333\n Mohamed Ghannam reported that the RDS protocol did not\n properly handle an error case, leading to a NULL pointer\n dereference. A local attacker on a system with the rds\n module loaded could possibly use this for denial of\n service.\n\n - CVE-2018-5750\n Wang Qize reported that the ACPI sbshc driver logged a\n kernel heap address. This information could aid the\n exploitation of other vulnerabilities.\n\n - CVE-2018-5803\n Alexey Kodanev reported that the SCTP protocol did not\n range-check the length of chunks to be created. A local\n or remote user could use this to cause a denial of\n service.\n\n - CVE-2018-6927\n Li Jinyue reported that the FUTEX_REQUEUE operation on\n futexes did not check for negative parameter values,\n which might lead to a denial of service or other\n security impact.\n\n - CVE-2018-7492\n The syzkaller tool found that the RDS protocol was\n lacking a null pointer check. A local attacker on a\n system with the rds module loaded could use this for\n denial of service.\n\n - CVE-2018-7566\n Fan LongFei reported a race condition in the ALSA\n (sound) sequencer core, between write and ioctl\n operations. This could lead to an out-of-bounds access\n or use-after-free. A local user with access to a\n sequencer device could use this for denial of service or\n possibly for privilege escalation.\n\n - CVE-2018-7740\n Nic Losby reported that the hugetlbfs filesystem's mmap\n operation did not properly range-check the file offset.\n A local user with access to files on a hugetlbfs\n filesystem could use this to cause a denial of service.\n\n - CVE-2018-7757\n Jason Yan reported a memory leak in the SAS\n (Serial-Attached SCSI) subsystem. A local user on a\n system with SAS devices could use this to cause a denial\n of service.\n\n - CVE-2018-7995\n Seunghun Han reported a race condition in the x86 MCE\n (Machine Check Exception) driver. This is unlikely to\n have any security impact.\n\n - CVE-2018-8781\n Eyal Itkin reported that the udl (DisplayLink) driver's\n mmap operation did not properly range-check the file\n offset. A local user with access to a udl framebuffer\n device could exploit this to overwrite kernel memory,\n leading to privilege escalation.\n\n - CVE-2018-8822\n Dr Silvio Cesare of InfoSect reported that the ncpfs\n client implementation did not validate reply lengths\n from the server. An ncpfs server could use this to cause\n a denial of service or remote code execution in the\n client.\n\n - CVE-2018-1000004\n Luo Quan reported a race condition in the ALSA (sound)\n sequencer core, between multiple ioctl operations. This\n could lead to a deadlock or use-after-free. A local user\n with access to a sequencer device could use this for\n denial of service or possibly for privilege escalation.\n\n - CVE-2018-1000199\n Andy Lutomirski discovered that the ptrace subsystem did\n not sufficiently validate hardware breakpoint settings.\n Local users can use this to cause a denial of service,\n or possibly for privilege escalation, on x86 (amd64 and\n i386) and possibly other architectures.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2015-9016\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-0861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-5753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13166\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-13220\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16526\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16911\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16912\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16913\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-16914\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18203\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18216\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18232\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2017-18241\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1066\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1068\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1092\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5332\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5333\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5750\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-5803\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-6927\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7492\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7566\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7740\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7757\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-7995\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-8781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-8822\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000004\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/CVE-2018-1000199\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4187\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the linux packages.\n\nFor the oldstable distribution (jessie), these problems have been\nfixed in version 3.16.56-1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/02\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-arm\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.8-x86\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-compiler-gcc-4.9-x86\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-doc-3.16\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-586\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-686-pae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-amd64\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armel\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-armhf\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-all-i386\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-amd64\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-armmp-lpae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-common\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-ixp4xx\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-kirkwood\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-orion5x\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-headers-3.16.0-9-versatile\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-586\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-686-pae-dbg\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-amd64-dbg\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-armmp-lpae\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-ixp4xx\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-kirkwood\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-orion5x\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-image-3.16.0-9-versatile\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-libc-dev\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-manual-3.16\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-source-3.16\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"linux-support-3.16.0-9\", reference:\"3.16.56-1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"xen-linux-system-3.16.0-9-amd64\", reference:\"3.16.56-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2015-9016
