drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.
{"ubuntucve": [{"lastseen": "2021-11-22T21:44:03", "description": "drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows\nattackers to cause a denial of service (NULL pointer dereference and system\ncrash) or possibly have unspecified other impact because the port->exists\nvalue can change after it is validated.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-29T00:00:00", "type": "ubuntucve", "title": "CVE-2017-18079", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18079"], "modified": "2018-01-29T00:00:00", "id": "UB:CVE-2017-18079", "href": "https://ubuntu.com/security/CVE-2017-18079", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2021-09-02T22:49:15", "description": "A flaw was found in the Linux kernel's implementation of i8042 serial ports. 
An attacker could cause a kernel panic if they are able to add and remove devices as the module is loaded.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-29T14:19:57", "type": "redhatcve", "title": "CVE-2017-18079", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18079"], "modified": "2021-03-18T16:56:59", "id": "RH:CVE-2017-18079", "href": "https://access.redhat.com/security/cve/cve-2017-18079", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T15:11:26", "description": "drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": 
"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-29T05:29:00", "type": "cve", "title": "CVE-2017-18079", "cwe": ["CWE-476"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18079"], "modified": "2019-01-19T11:29:00", "cpe": [], "id": "CVE-2017-18079", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18079", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": []}], "photon": [{"lastseen": "2022-05-12T18:10:17", "description": "Updates of ['linux', 'linux-esx'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-08-10T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2017-0061", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": 
"AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-11473", "CVE-2017-18079", "CVE-2017-7541", "CVE-2018-14634"], "modified": "2017-08-10T00:00:00", "id": "PHSA-2017-0061", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-61", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:32:31", "description": "Updates of ['linux-aws', 'linux-secure', 'linux-esx', 'linux', 'postgresql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-03-29T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0031", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-1000251", "CVE-2017-1000364", "CVE-2017-1000365", "CVE-2017-1000405", "CVE-2017-10661", "CVE-2017-10662", "CVE-2017-10663", "CVE-2017-10810", "CVE-2017-11176", "CVE-2017-11472", "CVE-2017-11473", "CVE-2017-11600", "CVE-2017-12146", "CVE-2017-12154", "CVE-2017-12188", "CVE-2017-13166", 
"CVE-2017-14497", "CVE-2017-15115", "CVE-2017-15265", "CVE-2017-15649", "CVE-2017-15951", "CVE-2017-16526", "CVE-2017-16939", "CVE-2017-16995", "CVE-2017-17052", "CVE-2017-17053", "CVE-2017-17448", "CVE-2017-17450", "CVE-2017-17712", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-18075", "CVE-2017-18079", "CVE-2017-18202", "CVE-2017-18595", "CVE-2017-2636", "CVE-2017-6347", "CVE-2017-6874", "CVE-2017-7187", "CVE-2017-7294", "CVE-2017-7308", "CVE-2017-7374", "CVE-2017-7477", "CVE-2017-7487", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7618", "CVE-2017-7645", "CVE-2017-7889", "CVE-2017-8065", "CVE-2017-8797", "CVE-2017-8824", "CVE-2017-8831", "CVE-2017-8890", "CVE-2017-9074", "CVE-2017-9075", "CVE-2017-9076", "CVE-2017-9077", "CVE-2017-9984", "CVE-2017-9985", "CVE-2018-1058", "CVE-2018-5332", "CVE-2018-5344", "CVE-2018-6927", "CVE-2018-7480"], "modified": "2018-03-29T00:00:00", "id": "PHSA-2018-0031", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-31", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "openvas": [{"lastseen": "2020-01-27T18:32:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1234)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-5333", "CVE-2017-15129", "CVE-2018-5332", "CVE-2017-18017"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181234", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181234", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public 
License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1234\");\n script_version(\"2020-01-23T11:18:17+0000\");\n script_cve_id(\"CVE-2017-13215\", \"CVE-2017-15129\", \"CVE-2017-18017\", \"CVE-2017-18079\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:18:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:18:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1234)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1234\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1234\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1234 advisory.\");\n\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.(CVE-2017-15129)\n\nThe tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.(CVE-2017-18017)\n\nA flaw was found in the upstream kernel Skcipher component. This vulnerability affects the skcipher_recvmsg function of the component Skcipher. The manipulation with an unknown input leads to a privilege escalation vulnerability.(CVE-2017-13215)\n\nIn the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5332)\n\nIn the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. 
This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.(CVE-2018-5333)\n\ndrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-exists value can change after it is validated.(CVE-2017-18079)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 2.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~327.61.59.66_25\", rls:\"EULEROSVIRT-2.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:39:15", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2018-1000004", "CVE-2017-18203", "CVE-2018-6927", "CVE-2017-18208", "CVE-2018-5750"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181054", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181054", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1054\");\n script_version(\"2020-01-23T11:10:25+0000\");\n script_cve_id(\"CVE-2017-18079\", \"CVE-2017-18203\", \"CVE-2017-18208\", \"CVE-2018-1000004\", \"CVE-2018-5750\", \"CVE-2018-6927\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:10:25 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:10:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1054)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1054\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1054\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1054 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service 
condition.(CVE-2018-1000004)\n\ndrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-exists value can change after it is validated.(CVE-2017-18079)\n\nThe acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750)\n\nThe futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927)\n\nThe Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. 
Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203)\n\nThe madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.(CVE-2017-18208)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res 
= isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.175\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:33:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-05-22T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-3655-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-8822", "CVE-2017-18079", "CVE-2017-18203", "CVE-2017-18204", "CVE-2017-13305", "CVE-2017-18208", "CVE-2017-17449", "CVE-2017-12134", "CVE-2017-13220", "CVE-2018-3639", "CVE-2017-18221"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310843532", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843532", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_3655_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for linux USN-3655-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.843532\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-05-22 12:42:26 +0200 (Tue, 22 May 2018)\");\n script_cve_id(\"CVE-2018-3639\", \"CVE-2017-12134\", \"CVE-2017-13220\", \"CVE-2017-13305\",\n \"CVE-2017-17449\", \"CVE-2017-18079\", \"CVE-2017-18203\", \"CVE-2017-18204\",\n \"CVE-2017-18208\", \"CVE-2017-18221\", \"CVE-2018-8822\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for linux USN-3655-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\non the target host.\");\n script_tag(name:\"insight\", value:\"Jann Horn and Ken Johnson discovered that\nmicroprocessors utilizing speculative execution of a memory read may allow\nunauthorized memory reads via a sidechannel attack. This flaw is known as Spectre\nVariant 4. A local attacker could use this to expose sensitive\ninformation, including kernel memory. (CVE-2018-3639)\n\nJan H. Schnherr discovered that the Xen subsystem did not properly handle\nblock IO merges correctly in some situations. 
An attacker in a guest vm\ncould use this to cause a denial of service (host crash) or possibly gain\nadministrative privileges in the host. (CVE-2017-12134)\n\nIt was discovered that the Bluetooth HIP Protocol implementation in the\nLinux kernel did not properly validate HID connection setup information. An\nattacker could use this to cause a denial of service (system crash) or\npossibly execute arbitrary code. (CVE-2017-13220)\n\nIt was discovered that a buffer overread vulnerability existed in the\nkeyring subsystem of the Linux kernel. A local attacker could possibly use\nthis to expose sensitive information (kernel memory). (CVE-2017-13305)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not\nproperly restrict observations of netlink messages to the appropriate net\nnamespace. A local attacker could use this to expose sensitive information\n(kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that a race condition existed in the i8042 serial device\ndriver implementation in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2017-18079)\n\nIt was discovered that a race condition existed in the Device Mapper\ncomponent of the Linux kernel. A local attacker could use this to cause a\ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system\nimplementation in the Linux kernel. A local attacker could use this to\ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2)\nimplementation in the Linux kernel in certain circumstances. A local\nattacker could use this to cause a denial of service (system hang).\n(CVE-2017-18208)\n\nKefeng Wang discovered that a race condition existed in the memory locking\nimplementation in the Linux kernel. 
A local attacker could use this to\ncause a denial of service. (CVE-2017-18221)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS\nimplementation in the Linux kernel. A remote attacker controlling a\nmalicious NCPFS server could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2018-8822)\");\n script_tag(name:\"affected\", value:\"linux on Ubuntu 14.04 LTS\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n\n script_xref(name:\"USN\", value:\"3655-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-3655-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU14\\.04 LTS\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-generic\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-generic-lpae\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-lowlatency\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-powerpc-e500\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isdpkgvuln(pkg:\"linux-image-3.13.0-149-powerpc-e500mc\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-powerpc-smp\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-powerpc64-emb\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-3.13.0-149-powerpc64-smp\", ver:\"3.13.0-149.199\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"3.13.0.149.159\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n 
{\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-02-05T16:36:28", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2016-9754", "CVE-2017-7261", "CVE-2017-16525", "CVE-2014-9529", "CVE-2014-9420", "CVE-2016-4568", "CVE-2016-2383", "CVE-2013-2892", "CVE-2014-2568", "CVE-2017-18204", "CVE-2014-9730", "CVE-2016-7915", "CVE-2014-7843", "CVE-2018-16276", "CVE-2016-2070", "CVE-2016-6327", "CVE-2017-9605", "CVE-2018-1094", "CVE-2016-3134"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191472", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191472", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1472\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-2892\", \"CVE-2014-2568\", \"CVE-2014-7843\", \"CVE-2014-9420\", \"CVE-2014-9529\", \"CVE-2014-9730\", \"CVE-2016-2070\", \"CVE-2016-2383\", \"CVE-2016-3134\", \"CVE-2016-4568\", \"CVE-2016-6327\", \"CVE-2016-7915\", \"CVE-2016-9754\", \"CVE-2017-16525\", \"CVE-2017-18079\", \"CVE-2017-18204\", \"CVE-2017-7261\", \"CVE-2017-9605\", \"CVE-2018-1094\", \"CVE-2018-16276\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:49:09 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1472)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1472\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1472 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable 
package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\nThe Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode. This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204)\n\nThe vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605)\n\nUse-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568)\n\nIt was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). 
An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420)\n\nAn integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\nA symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730)\n\nIn was found that in the Linux kernel ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:35:27", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1501)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-18203", "CVE-2017-17805", "CVE-2017-16649", "CVE-2017-16535", "CVE-2017-16537", "CVE-2017-17448", "CVE-2017-16533", "CVE-2017-16536", "CVE-2017-18208", "CVE-2017-16939", "CVE-2017-17449", "CVE-2017-16650", "CVE-2017-16643", "CVE-2017-16538", "CVE-2017-16534", "CVE-2017-17807", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-17806"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191501", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191501", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright 
(C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1501\");\n script_version(\"2020-01-23T11:57:49+0000\");\n script_cve_id(\"CVE-2017-16533\", \"CVE-2017-16534\", \"CVE-2017-16535\", \"CVE-2017-16536\", \"CVE-2017-16537\", \"CVE-2017-16538\", \"CVE-2017-16643\", \"CVE-2017-16644\", \"CVE-2017-16645\", \"CVE-2017-16649\", \"CVE-2017-16650\", \"CVE-2017-16939\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-18079\", \"CVE-2017-18203\", \"CVE-2017-18208\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:57:49 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:57:49 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1501)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1501\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1501\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1501 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533)\n\nThe cdc_parse_cdc_header() function in 'drivers/usb/core/message.c' in the Linux kernel, before 4.13.6, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-16534)\n\nThe usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel can allow a local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16535)\n\nThe cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16536)\n\nThe imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\nThe drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).(CVE-2017-16538)\n\nThe parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\nThe hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16644)\n\nThe ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel, through 
4.13.11, allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system cra ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~862.14.1.6_42\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if 
(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-04-24T17:03:53", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.(CVE-2017-15129)\n\n - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.(CVE-2017-18017)\n\n - A flaw was found in the upstream kernel Skcipher component. This vulnerability affects the skcipher_recvmsg function of the component Skcipher.\n The manipulation with an unknown input leads to a privilege escalation vulnerability.(CVE-2017-13215)\n\n - In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size() function in 'net/rds/rdma.c') and thus to a system panic. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-5332)\n\n - In the Linux kernel through 4.14.13, the rds_cmsg_atomic() function in 'net/rds/rdma.c' mishandles cases where page pinning fails or an invalid address is supplied by a user. This can lead to a NULL pointer dereference in rds_atomic_free_op() and thus to a system panic.(CVE-2018-5333)\n\n - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.(CVE-2017-18079)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-09-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1234)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13215", "CVE-2017-15129", "CVE-2017-18017", "CVE-2017-18079", "CVE-2018-5332", "CVE-2018-5333"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:2.5.0"], "id": "EULEROS_SA-2018-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/117543", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(117543);\n script_version(\"1.9\");\n
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-13215\",\n \"CVE-2017-15129\",\n \"CVE-2017-18017\",\n \"CVE-2017-18079\",\n \"CVE-2018-5332\",\n \"CVE-2018-5333\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1234)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A use-after-free vulnerability was found in network\n namespaces code affecting the Linux kernel before\n 4.14.11. The function get_net_ns_by_id() in\n net/core/net_namespace.c does not check for the\n net::count value after it has found a peer network in\n netns_ids idr, which could lead to double free and\n memory corruption. This vulnerability could allow an\n unprivileged local user to induce kernel memory\n corruption on the system, leading to a crash. Due to\n the nature of the flaw, privilege escalation cannot be\n fully ruled out, although it is thought to be\n unlikely.(CVE-2017-15129)\n\n - The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel before\n 4.11, and 4.9.x before 4.9.36, allows remote attackers\n to cause a denial of service (use-after-free and memory\n corruption) or possibly have unspecified other impact\n by leveraging the presence of xt_TCPMSS in an iptables\n action.(CVE-2017-18017)\n\n - A flaw was found in the upstream kernel Skcipher\n component. 
This vulnerability affects the\n skcipher_recvmsg function of the component Skcipher.\n The manipulation with an unknown input leads to a\n privilege escalation vulnerability.(CVE-2017-13215)\n\n - In the Linux kernel through 4.14.13, the\n rds_message_alloc_sgs() function does not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size() function in 'net/rds/rdma.c') and\n thus to a system panic. Due to the nature of the flaw,\n privilege escalation cannot be fully ruled out,\n although we believe it is unlikely.(CVE-2018-5332)\n\n - In the Linux kernel through 4.14.13, the\n rds_cmsg_atomic() function in 'net/rds/rdma.c'\n mishandles cases where page pinning fails or an invalid\n address is supplied by a user. This can lead to a NULL\n pointer dereference in rds_atomic_free_op() and thus to\n a system panic.(CVE-2018-5333)\n\n - drivers/input/serio/i8042.c in the Linux kernel before\n 4.12.4 allows attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact because the\n port->exists value can change after it is\n validated.(CVE-2017-18079)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory.
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1234\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?10ab5c96\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/09/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.61.59.66_25\",\n \"kernel-devel-3.10.0-327.61.59.66_25\",\n \"kernel-headers-3.10.0-327.61.59.66_25\",\n \"kernel-tools-3.10.0-327.61.59.66_25\",\n \"kernel-tools-libs-3.10.0-327.61.59.66_25\",\n \"kernel-tools-libs-devel-3.10.0-327.61.59.66_25\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-08-19T12:33:14", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.(CVE-2018-1000004)\n\n - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.(CVE-2017-18079)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750)\n\n - The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927)\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices.
Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.(CVE-2017-18208)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-18203", "CVE-2017-18208", "CVE-2018-1000004", "CVE-2018-5750", "CVE-2018-6927"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1054.NASL", "href": "https://www.tenable.com/plugins/nessus/108458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108458);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-18079\",\n \"CVE-2017-18203\",\n 
\"CVE-2017-18208\",\n \"CVE-2018-1000004\",\n \"CVE-2018-5750\",\n \"CVE-2018-6927\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1054)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In the Linux kernel 4.12, 3.10, 2.6 and possibly\n earlier versions a race condition vulnerability exists\n in the sound system, this can lead to a deadlock and\n denial of service condition.(CVE-2018-1000004)\n\n - drivers/input/serio/i8042.c in the Linux kernel before\n 4.12.4 allows attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact because the\n port->exists value can change after it is\n validated.(CVE-2017-18079)\n\n - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c\n in the Linux kernel through 4.14.15 allows local users\n to obtain sensitive address information by reading\n dmesg data from an SBS HC printk call.(CVE-2018-5750)\n\n - The futex_requeue function in kernel/futex.c in the\n Linux kernel, before 4.14.15, might allow attackers to\n cause a denial of service (integer overflow) or\n possibly have unspecified other impacts by triggering a\n negative wake or requeue value. Due to the nature of\n the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is unlikely.(CVE-2018-6927)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices.
Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.(CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel\n allows local users to cause a denial of service\n (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping.(CVE-2017-18208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1054\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?77855b39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< 
cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.49.1.175\",\n \"kernel-debug-3.10.0-229.49.1.175\",\n \"kernel-debuginfo-3.10.0-229.49.1.175\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.49.1.175\",\n \"kernel-devel-3.10.0-229.49.1.175\",\n \"kernel-headers-3.10.0-229.49.1.175\",\n \"kernel-tools-3.10.0-229.49.1.175\",\n \"kernel-tools-libs-3.10.0-229.49.1.175\",\n \"perf-3.10.0-229.49.1.175\",\n \"python-perf-3.10.0-229.49.1.175\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:15:34", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). 
The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).\n\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n\n - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908).\n\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n\nThe update package also includes non-security fixes. 
See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-03-13T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0660-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13215", "CVE-2017-17741", "CVE-2017-18017", "CVE-2017-18079", "CVE-2017-5715", "CVE-2018-1000004", "CVE-2018-5332", "CVE-2018-5333"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-bigsmp", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-base", "p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0660-1.NASL", "href": "https://www.tenable.com/plugins/nessus/108279", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update 
advisory SUSE-SU-2018:0660-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(108279);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-13215\", \"CVE-2017-17741\", \"CVE-2017-18017\", \"CVE-2017-18079\", \"CVE-2017-5715\", \"CVE-2018-1000004\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0660-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032). 
The previous fix using CPU\n Microcode has been complemented by building the Linux\n Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5332: In the Linux kernel the\n rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic\n function in net/rds/rdma.c mishandled cases where page\n pinning fails or an invalid address is supplied, leading\n to an rds_atomic_free_op NULL pointer dereference\n (bnc#1075617).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed\n remote attackers to cause a denial of service\n (use-after-free and memory corruption) or possibly have\n unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux\n kernel allowed attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact because the port->exists\n value can change after it is validated (bnc#1077922).\n\n - CVE-2017-17741: The KVM implementation in the Linux\n kernel allowed attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio\n stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h\n (bnc#1073311).\n\n - CVE-2017-13215: A elevation of privilege vulnerability\n in the Upstream kernel skcipher. (bnc#1075908).\n\n - CVE-2018-1000004: In the Linux kernel a race condition\n vulnerability exists in the sound system, this can lead\n to a deadlock and denial of service condition\n (bnc#1076017).\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000004/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5333/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180660-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?06ffca41\"\n );\n 
script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP3-LTSS:zypper in -t patch\nslessp3-kernel-20180212-13505=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t patch\nslexsp3-kernel-20180212-13505=1\n\nSUSE Linux Enterprise Point of Sale 11-SP3:zypper in -t patch\nsleposp3-kernel-20180212-13505=1\n\nSUSE Linux Enterprise Debuginfo 11-SP3:zypper in -t patch\ndbgsp3-kernel-20180212-13505=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-bigsmp-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/13\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-bigsmp-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-default-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", 
reference:\"kernel-default-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-source-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-syms-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"kernel-trace-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-0.47.106.19.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"3\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-0.47.106.19.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:13:31", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).\n\n - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355).\n\n - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311).\n\n - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).\n\n - CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017).\n\n - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874).\n\n - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to 
cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-02-23T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0525-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1142857", "CVE-2017-13215", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-18079", "CVE-2017-5715", "CVE-2018-1000004"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-xen", "cpe:/o:novell:suse_linux:12"], 
"id": "SUSE_SU-2018-0525-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106967", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0525-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106967);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/09/10 13:51:47\");\n\n script_cve_id(\"CVE-2015-1142857\", \"CVE-2017-13215\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-18079\", \"CVE-2017-5715\", \"CVE-2018-1000004\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0525-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032). 
The previous fix using CPU\n Microcode has been complemented by building the Linux\n Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-18079: drivers/input/serio/i8042.c allowed\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact because the port->exists value\n can change after it is validated (bnc#1077922).\n\n - CVE-2015-1142857: Prevent guests from sending ethernet\n flow control pause frames via the PF (bnc#1077355).\n\n - CVE-2017-17741: KVM allowed attackers to obtain\n potentially sensitive information from kernel memory,\n aka a write_mmio stack-based out-of-bounds read\n (bnc#1073311).\n\n - CVE-2017-13215: Prevent elevation of privilege\n (bnc#1075908).\n\n - CVE-2018-1000004: Prevent race condition in the sound\n system, this could have lead a deadlock and denial of\n service condition (bnc#1076017).\n\n - CVE-2017-17806: The HMAC implementation did not validate\n that the underlying cryptographic hash algorithm is\n unkeyed, allowing a local attacker able to use the\n AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash\n algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel\n stack-based buffer overflow by executing a crafted\n sequence of system calls that encounter a missing SHA-3\n initialization (bnc#1073874).\n\n - CVE-2017-17805: The Salsa20 encryption algorithm did not\n correctly handle zero-length inputs, allowing a local\n attacker able to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of\n service (uninitialized-memory free and kernel crash) or\n have unspecified other impact by executing a crafted\n sequence of system calls that use the blkcipher_walk\n API. Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were\n vulnerable (bnc#1073792).\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047118\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073246\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075411\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081317\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1142857/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2017-17806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000004/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180525-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89189945\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 6:zypper in -t patch\nSUSE-OpenStack-Cloud-6-2018-348=1\n\nSUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch\nSUSE-SLE-SAP-12-SP1-2018-348=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-348=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-348=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_74-60_64_82-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_82-default-1-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_74-60_64_82-xen-1-2.9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-base-debuginfo-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debuginfo-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-debugsource-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-default-devel-3.12.74-60.64.82.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"kernel-syms-3.12.74-60.64.82.1\")) 
flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:12:33", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922)\n\n - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355)\n\n - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311)\n\n - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908)\n\n - CVE-2018-1000004: Prevent race condition in the sound system, this could have led to a deadlock and denial of service condition (bnc#1076017)\n\n - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer 
overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874)\n\n - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.6, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}, "published": "2018-02-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0437-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1142857", "CVE-2017-13215", "CVE-2017-17741", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-18079", "CVE-2017-5715", "CVE-2018-1000004"], "modified": "2019-09-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", 
"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-xen-debugsource", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-xen", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-0437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/106815", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0437-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106815);\n script_version(\"3.8\");\n script_cvs_date(\"Date: 2019/09/10 13:51:46\");\n\n script_cve_id(\"CVE-2015-1142857\", \"CVE-2017-13215\", \"CVE-2017-17741\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-18079\", \"CVE-2017-5715\", \"CVE-2018-1000004\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0437-1) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive\nvarious security and bugfixes. The following security bugs were \nfixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032). 
The previous fix using CPU\n Microcode has been complemented by building the Linux\n Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2017-18079: drivers/input/serio/i8042.c allowed\n attackers to cause a denial of service (NULL pointer\n dereference and system crash) or possibly have\n unspecified other impact because the port->exists value\n can change after it is validated (bnc#1077922)\n\n - CVE-2015-1142857: Prevent guests from sending ethernet\n flow control pause frames via the PF (bnc#1077355)\n\n - CVE-2017-17741: KVM allowed attackers to obtain\n potentially sensitive information from kernel memory,\n aka a write_mmio stack-based out-of-bounds read\n (bnc#1073311)\n\n - CVE-2017-13215: Prevent elevation of privilege\n (bnc#1075908)\n\n - CVE-2018-1000004: Prevent race condition in the sound\n system, this could have led to a deadlock and denial of\n service condition (bnc#1076017)\n\n - CVE-2017-17806: The HMAC implementation did not validate\n that the underlying cryptographic hash algorithm is\n unkeyed, allowing a local attacker able to use the\n AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash\n algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel\n stack-based buffer overflow by executing a crafted\n sequence of system calls that encounter a missing SHA-3\n initialization (bnc#1073874)\n\n - CVE-2017-17805: The Salsa20 encryption algorithm did not\n correctly handle zero-length inputs, allowing a local\n attacker able to use the AF_ALG-based skcipher interface\n (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of\n service (uninitialized-memory free and kernel crash) or\n have unspecified other impact by executing a crafted\n sequence of system calls that use the blkcipher_walk\n API. Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were\n vulnerable (bnc#1073792)\n\nThe update package also includes non-security fixes. 
See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1047626\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073792\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073874\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076110\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893777\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=893949\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=902893\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=951638\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1142857/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17805/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17806/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000004/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180437-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?09339c08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST 
online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-301=1\n\nSUSE Linux Enterprise Module for Public Cloud 12:zypper in -t patch\nSUSE-SLE-Module-Public-Cloud-12-2018-301=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-3_12_61-52_119-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/14\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-base-debuginfo-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debuginfo-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-debugsource-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_119-default-1-1.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"x86_64\", reference:\"kgraft-patch-3_12_61-52_119-xen-1-1.7.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-base-debuginfo-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debuginfo-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-debugsource-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-default-devel-3.12.61-52.119.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"kernel-syms-3.12.61-52.119.1\")) flag++;\n\n\nif (flag)\n{\n if 
(report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-25T17:19:30", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4315 advisory. - In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. (CVE-2017-9725) - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092) - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. (CVE-2017-18079) - In the Linux kernel before 4.7, the amd_gpio_remove function in drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. 
(CVE-2017-18174) - The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.\n(CVE-2017-18221) - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation. (CVE-2017-18255) - ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant. (CVE-2018-7995) - In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588 References: Upstream kernel. (CVE-2018-9363) - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:\nAndroid kernel Android ID: A-71361580. 
(CVE-2018-9516) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4315)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-18174", "CVE-2017-18221", "CVE-2017-18255", "CVE-2017-9725", "CVE-2018-1092", "CVE-2018-7995", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2022-05-24T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4315.NASL", "href": "https://www.tenable.com/plugins/nessus/120976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-4315.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120976);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\n \"CVE-2017-9725\",\n \"CVE-2017-18079\",\n \"CVE-2017-18174\",\n \"CVE-2017-18221\",\n \"CVE-2017-18255\",\n \"CVE-2018-1092\",\n \"CVE-2018-7995\",\n \"CVE-2018-9363\",\n \"CVE-2018-9516\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4315)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host 
has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4315 advisory. - In all Qualcomm products with Android releases from CAF using the Linux kernel, during\nDMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when\nit should fail. (CVE-2017-9725) - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15\nmishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of\nservice (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092) -\ndrivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL\npointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can\nchange after it is validated. (CVE-2017-18079) - In the Linux kernel before 4.7, the amd_gpio_remove function in\ndrivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function, leading to a double free. (CVE-2017-18174) -\nThe __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial\nof service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.\n(CVE-2017-18221) - The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before\n4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other\nimpact via a large value, as demonstrated by an incorrect sample-rate calculation. (CVE-2017-18255) - ** DISPUTED **\nRace condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel\nthrough 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the\ncheck_interval file in a /sys/devices/system/machinecheck/machinecheck directory. 
NOTE: a third party has indicated that\nthis report is not security relevant. (CVE-2018-7995) - In the hidp_process_report in bluetooth, there is an\ninteger overflow. This could lead to an out of bounds write with no additional execution privileges needed. User\ninteraction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588\nReferences: Upstream kernel. (CVE-2018-9363) - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a\npossible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with\nSystem execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:\nAndroid kernel Android ID: A-71361580. (CVE-2018-9516) Note that Nessus has not tested for this issue but has\ninstead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4315.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9725\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2017-18174\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.24.1.el6uek', '4.1.12-124.24.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4315');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.24.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.24.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.24.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.24.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.24.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.24.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:12:10", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). 
The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).\n\n - CVE-2015-1142857: On multiple SR-IOV cards it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355).\n\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n\n - CVE-2017-13215: An elevation of privilege vulnerability in the Upstream kernel skcipher. 
(bnc#1075908).\n\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-02-28T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0555-1) (Meltdown) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1142857", "CVE-2017-13215", "CVE-2017-17741", "CVE-2017-18017", "CVE-2017-18079", "CVE-2017-5715", "CVE-2017-5754", "CVE-2018-1000004", "CVE-2018-5332", "CVE-2018-5333"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-ec2", "p-cpe:/a:novell:suse_linux:kernel-ec2-base", "p-cpe:/a:novell:suse_linux:kernel-ec2-devel", "p-cpe:/a:novell:suse_linux:kernel-pae", "p-cpe:/a:novell:suse_linux:kernel-pae-base", "p-cpe:/a:novell:suse_linux:kernel-pae-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-trace", "p-cpe:/a:novell:suse_linux:kernel-trace-base", "p-cpe:/a:novell:suse_linux:kernel-trace-devel", "p-cpe:/a:novell:suse_linux:kernel-xen", "p-cpe:/a:novell:suse_linux:kernel-xen-base", "p-cpe:/a:novell:suse_linux:kernel-xen-devel", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2018-0555-1.NASL", "href": "https://www.tenable.com/plugins/nessus/107055", "sourceData": 
"#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:0555-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(107055);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2015-1142857\", \"CVE-2017-13215\", \"CVE-2017-17741\", \"CVE-2017-18017\", \"CVE-2017-18079\", \"CVE-2017-5715\", \"CVE-2017-5754\", \"CVE-2018-1000004\", \"CVE-2018-5332\", \"CVE-2018-5333\");\n script_xref(name:\"IAVA\", value:\"2018-A-0019\");\n script_xref(name:\"IAVA\", value:\"2018-A-0020\");\n\n script_name(english:\"SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0555-1) (Meltdown) (Spectre)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\nsecurity and bugfixes. The following security bugs were fixed :\n\n - CVE-2017-5715: Systems with microprocessors utilizing\n speculative execution and indirect branch prediction may\n allow unauthorized disclosure of information to an\n attacker with local user access via a side-channel\n analysis (bnc#1068032). 
The previous fix using CPU\n Microcode has been complemented by building the Linux\n Kernel with return trampolines aka 'retpolines'.\n\n - CVE-2018-5332: In the Linux kernel the\n rds_message_alloc_sgs() function did not validate a\n value that is used during DMA page allocation, leading\n to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic\n function in net/rds/rdma.c mishandled cases where page\n pinning fails or an invalid address is supplied, leading\n to an rds_atomic_free_op NULL pointer dereference\n (bnc#1075617).\n\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed\n remote attackers to cause a denial of service\n (use-after-free and memory corruption) or possibly have\n unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux\n kernel allowed attackers to cause a denial of service\n (NULL pointer dereference and system crash) or possibly\n have unspecified other impact because the port->exists\n value can change after it is validated (bnc#1077922).\n\n - CVE-2015-1142857: On multiple SR-IOV cars it is possible\n for VF's assigned to guests to send ethernet flow\n control pause frames via the PF. (bnc#1077355).\n\n - CVE-2017-17741: The KVM implementation in the Linux\n kernel allowed attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio\n stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h\n (bnc#1073311).\n\n - CVE-2017-13215: A elevation of privilege vulnerability\n in the Upstream kernel skcipher. 
(bnc#1075908).\n\n - CVE-2018-1000004: In the Linux kernel a race condition\n vulnerability existed in the sound system, this can lead\n to a deadlock and denial of service condition\n (bnc#1076017).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1045538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1048585\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1054305\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1059174\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060279\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1060682\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1063544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1068984\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1069508\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070623\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070781\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1073311\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074488\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1074880\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075088\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075091\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075410\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075617\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075621\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075908\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1075994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076017\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076154\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076278\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076437\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1076849\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077191\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077355\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077487\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077560\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077922\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078875\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1079917\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080133\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080359\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080363\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080579\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080685\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1080774\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081500\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=936530\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=962257\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2015-1142857/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-13215/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-17741/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18017/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-18079/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-5715/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-1000004/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5332/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-5333/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20180555-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?be83bfc0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 11-SP4:zypper in -t\npatch sdksp4-kernel-20180207-13491=1\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-kernel-20180207-13491=1\n\nSUSE Linux Enterprise Server 11-EXTRA:zypper in -t 
patch\nslexsp3-kernel-20180207-13491=1\n\nSUSE Linux Enterprise Real Time Extension 11-SP4:zypper in -t patch\nslertesp4-kernel-20180207-13491=1\n\nSUSE Linux Enterprise High Availability Extension 11-SP4:zypper in -t\npatch slehasp4-kernel-20180207-13491=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-kernel-20180207-13491=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Reliable Datagram Sockets (RDS) rds_atomic_free_op NULL pointer dereference Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-ec2-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-pae-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/02/28\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! 
preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-ec2-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-xen-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-pae-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-default-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-source-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-syms-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-base-3.0.101-108.35.1\")) 
flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"kernel-trace-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-ec2-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-xen-devel-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-base-3.0.101-108.35.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", cpu:\"i586\", reference:\"kernel-pae-devel-3.0.101-108.35.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T18:00:38", "description": "Jann Horn and Ken Johnson discovered that microprocessors utilizing speculative execution of a memory read may allow unauthorized memory reads via a sidechannel attack. This flaw is known as Spectre Variant 4. A local attacker could use this to expose sensitive information, including kernel memory. (CVE-2018-3639)\n\nJan H. Schonherr discovered that the Xen subsystem did not properly handle block IO merges correctly in some situations. 
An attacker in a guest vm could use this to cause a denial of service (host crash) or possibly gain administrative privileges in the host. (CVE-2017-12134)\n\nIt was discovered that the Bluetooth HIP Protocol implementation in the Linux kernel did not properly validate HID connection setup information. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-13220)\n\nIt was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory).\n(CVE-2017-13305)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that a race condition existed in the i8042 serial device driver implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18079)\n\nIt was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang).\n(CVE-2017-18208)\n\nKefeng Wang discovered that a race condition existed in the memory locking implementation in the Linux kernel. A local attacker could use this to cause a denial of service. 
(CVE-2017-18221)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS implementation in the Linux kernel. A remote attacker controlling a malicious NCPFS server could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-8822).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2018-05-23T00:00:00", "type": "nessus", "title": "Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3655-1) (Spectre)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-12134", "CVE-2017-13220", "CVE-2017-13305", "CVE-2017-17449", "CVE-2017-18079", "CVE-2017-18203", "CVE-2017-18204", "CVE-2017-18208", "CVE-2017-18221", "CVE-2018-3639", "CVE-2018-8822"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-3655-1.NASL", "href": "https://www.tenable.com/plugins/nessus/110050", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-3655-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(110050);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2017-12134\", \"CVE-2017-13220\", \"CVE-2017-13305\", \"CVE-2017-17449\", \"CVE-2017-18079\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-18221\", \"CVE-2018-3639\", \"CVE-2018-8822\");\n script_xref(name:\"USN\", value:\"3655-1\");\n\n script_name(english:\"Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3655-1) (Spectre)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Jann Horn and Ken Johnson discovered that microprocessors utilizing\nspeculative execution of a memory read may allow unauthorized memory\nreads via a sidechannel attack. This flaw is known as Spectre Variant\n4. A local attacker could use this to expose sensitive information,\nincluding kernel memory. (CVE-2018-3639)\n\nJan H. Schonherr discovered that the Xen subsystem did not properly\nhandle block IO merges correctly in some situations. An attacker in a\nguest vm could use this to cause a denial of service (host crash) or\npossibly gain administrative privileges in the host. (CVE-2017-12134)\n\nIt was discovered that the Bluetooth HIP Protocol implementation in\nthe Linux kernel did not properly validate HID connection setup\ninformation. An attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2017-13220)\n\nIt was discovered that a buffer overread vulnerability existed in the\nkeyring subsystem of the Linux kernel. 
A local attacker could possibly\nuse this to expose sensitive information (kernel memory).\n(CVE-2017-13305)\n\nIt was discovered that the netlink subsystem in the Linux kernel did\nnot properly restrict observations of netlink messages to the\nappropriate net namespace. A local attacker could use this to expose\nsensitive information (kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that a race condition existed in the i8042 serial\ndevice driver implementation in the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2017-18079)\n\nIt was discovered that a race condition existed in the Device Mapper\ncomponent of the Linux kernel. A local attacker could use this to\ncause a denial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file\nsystem implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2)\nimplementation in the Linux kernel in certain circumstances. A local\nattacker could use this to cause a denial of service (system hang).\n(CVE-2017-18208)\n\nKefeng Wang discovered that a race condition existed in the memory\nlocking implementation in the Linux kernel. A local attacker could use\nthis to cause a denial of service. (CVE-2017-18221)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS\nimplementation in the Linux kernel. A remote attacker controlling a\nmalicious NCPFS server could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2018-8822).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/3655-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-3.13-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/05/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/05/23\");\n script_set_attribute(attribute:\"in_the_news\", value:\"true\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2018-2020 Canonical, Inc. / NASL script (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(14\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 14.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-12134\", \"CVE-2017-13220\", \"CVE-2017-13305\", \"CVE-2017-17449\", \"CVE-2017-18079\", \"CVE-2017-18203\", \"CVE-2017-18204\", \"CVE-2017-18208\", \"CVE-2017-18221\", \"CVE-2018-3639\", \"CVE-2018-8822\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-3655-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-149-generic\", pkgver:\"3.13.0-149.199\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-3.13.0-149-generic-lpae\", pkgver:\"3.13.0-149.199\")) flag++;\nif (ubuntu_check(osver:\"14.04\", 
pkgname:\"linux-image-3.13.0-149-lowlatency\", pkgver:\"3.13.0-149.199\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic\", pkgver:\"3.13.0.149.159\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"3.13.0.149.159\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"3.13.0.149.159\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-3.13-generic / linux-image-3.13-generic-lpae / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:15:33", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - rds: congestion updates can be missed when kernel low on memory (Mukesh Kacker) [Orabug: 28425811]\n\n - net/rds: ib: Fix endless RNR Retries caused by memory allocation failures (Venkat Venkatsubra) [Orabug:\n 28127993]\n\n - net: rds: fix excess initialization of the recv SGEs (Zhu Yanjun) [Orabug: 29004503]\n\n - xhci: fix usb2 resume timing and races. 
(Mathias Nyman) [Orabug: 29028940]\n\n - xhci: Fix a race in usb2 LPM resume, blocking U3 for usb2 devices (Mathias Nyman) [Orabug: 29028940]\n\n - userfaultfd: check VM_MAYWRITE was set after verifying the uffd is registered (Andrea Arcangeli) [Orabug:\n 29163750] (CVE-2018-18397)\n\n - userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163750] (CVE-2018-18397)\n\n - x86/apic/x2apic: set affinity of a single interrupt to one cpu (Jianchao Wang) [Orabug: 29196396]\n\n - xen/blkback: rework validate_io_op (Dongli Zhang) [Orabug: 29199843]\n\n - xen/blkback: optimize validate_io_op to filter BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug:\n 29199843]\n\n - xen/blkback: do not BUG for invalid blkif_request from frontend (Dongli Zhang) [Orabug: 29199843]\n\n - net/rds: WARNING: at net/rds/recv.c:222 rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra) [Orabug: 29201779]\n\n - xen-netback: wake up xenvif_dealloc_kthread when it should stop (Dongli Zhang) [Orabug: 29217927]\n\n - Revert 'xfs: remove nonblocking mode from xfs_vm_writepage' (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: remove xfs_cancel_ioend' (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: Introduce writeback context for writepages' (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: xfs_cluster_write is redundant' (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: factor mapping out of xfs_do_writepage' (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: don't chain ioends during writepage submission' (Wengang Wang) [Orabug: 29279692]\n\n - mstflint: Fix coding style issues - left with LINUX_VERSION_CODE (Idan Mehalel) [Orabug: 28878697]\n\n - mstflint: Fix coding-style issues (Idan Mehalel) [Orabug: 28878697]\n\n - mstflint: Fix errors found with checkpatch script (Idan Mehalel) [Orabug: 28878697]\n\n - Added support for 5th Gen devices in Secure Boot module and mtcr (Adham Masarwah) [Orabug: 28878697]\n\n - Fix typos in mst_kernel 
(Adham Masarwah) [Orabug:\n 28878697]\n\n - bnxt_en: Report PCIe link properties with pcie_print_link_status (Brian Maly) [Orabug: 28942099]\n\n - selinux: Perform both commoncap and selinux xattr checks (Eric W. Biederman) [Orabug: 28951521]\n\n - Introduce v3 namespaced file capabilities (Serge E.\n Hallyn) [Orabug: 28951521]\n\n - rds: ib: Use a delay when reconnecting to the very same IP address (Håkon Bugge) [Orabug: 29138813]\n\n - Change mincore to count 'mapped' pages rather than 'cached' pages (Linus Torvalds) [Orabug: 29187415] (CVE-2019-5489)\n\n - NFSD: Set the attributes used to store the verifier for EXCLUSIVE4_1 (Kinglong Mee) [Orabug: 29204157]\n\n - ext4: update i_disksize when new eof exceeds it (Shan Hai) [Orabug: 28940828]\n\n - ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28940828]\n\n - ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28940828]\n\n - ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c (Hui Peng) [Orabug: 29042981] (CVE-2018-19824)\n\n - ALSA: usb-audio: Replace probing flag with active refcount (Takashi Iwai) [Orabug: 29042981] (CVE-2018-19824)\n\n - ALSA: usb-audio: Avoid nested autoresume calls (Takashi Iwai) [Orabug: 29042981] (CVE-2018-19824)\n\n - ext4: validate that metadata blocks do not overlap superblock (Theodore Ts'o) [Orabug: 29114440] (CVE-2018-1094)\n\n - ext4: update inline int ext4_has_metadata_csum(struct super_block *sb) (John Donnelly) [Orabug: 29114440] (CVE-2018-1094)\n\n - ext4: always initialize the crc32c checksum driver (Theodore Ts'o) [Orabug: 29114440] (CVE-2018-1094) (CVE-2018-1094)\n\n - Revert 'bnxt_en: Reduce default rings on multi-port cards.'
(Brian Maly) [Orabug: 28687746]\n\n - mlx4_core: Disable P_Key Violation Traps (Håkon Bugge) [Orabug: 27693633]\n\n - rds: RDS connection does not reconnect after CQ access violation error (Venkat Venkatsubra) [Orabug: 28733324]\n\n - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 28069548]\n\n - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL - reloaded (Mihai Carabas) [Orabug: 28069548]\n\n - KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28069548]\n\n - KVM: x86: pass host_initiated to functions that read MSRs (Paolo Bonzini) [Orabug: 28069548]\n\n - KVM: VMX: make MSR bitmaps per-VCPU (Paolo Bonzini) [Orabug: 28069548]\n\n - KVM: VMX: introduce alloc_loaded_vmcs (Paolo Bonzini) [Orabug: 28069548]\n\n - KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson) [Orabug:\n 28069548]\n\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (Radim Krčmář) [Orabug:\n 28069548]\n\n - ocfs2: don't clear bh uptodate for block read (Junxiao Bi) [Orabug: 28762940]\n\n - ocfs2: clear journal dirty flag after shutdown journal (Junxiao Bi) [Orabug: 28924775]\n\n - ocfs2: fix panic due to unrecovered local alloc (Junxiao Bi) [Orabug: 28924775]\n\n - net: rds: fix rds_ib_sysctl_max_recv_allocation error (Zhu Yanjun) [Orabug: 28947481]\n\n - x86/speculation: Always disable IBRS in disable_ibrs_and_friends (Alejandro Jimenez) [Orabug:\n 29139710]\n\n - pinctrl: amd: Use devm_pinctrl_register for pinctrl registration (Laxman Dewangan) [Orabug: 27539246] (CVE-2017-18174)\n\n - mlock: fix mlock count can not decrease in race condition (Yisheng Xie) [Orabug: 27677611] (CVE-2017-18221)\n\n - perf/core: Fix the perf_cpu_time_max_percent check (Tan Xiaojun) [Orabug: 27823815] (CVE-2017-18255)\n\n - x86/microcode/intel: Fix a wrong assignment of revision in _save_mc (Zhenzhong Duan) [Orabug: 28190263]\n\n - mm: cma: fix incorrect type conversion for size during dma allocation (Rohit Vaswani) [Orabug: 28407826] (CVE-2017-9725)\n\n -
x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474851]\n\n - x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474851]\n\n - x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474851]\n\n - xen/blkback: fix disconnect while I/Os in flight (Juergen Gross) [Orabug: 28744234]\n\n - mlx4_vnic: use the mlid while calling ib_detach_mcast (aru kolappan) [Orabug: 29029705]\n\n - ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 29048557] (CVE-2018-1092) (CVE-2018-1092)\n\n - Bluetooth: hidp: buffer overflow in hidp_process_report (Mark Salyzyn) [Orabug: 29121215] (CVE-2018-9363) (CVE-2018-9363)\n\n - HID: debug: check length before copy_to_user (Daniel Rosenberg) [Orabug: 29128165] (CVE-2018-9516)\n\n - x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug:\n 29149888] (CVE-2018-7995)\n\n - Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152328] (CVE-2017-18079)\n\n - base/memory, hotplug: fix a kernel oops in show_valid_zones (Toshi Kani) [Orabug: 29050538]\n\n - mm/memory_hotplug.c: check start_pfn in test_pages_in_a_zone (Toshi Kani) [Orabug: 29050538]\n\n - drivers/base/memory.c: prohibit offlining of memory blocks with missing sections (Seth Jennings) [Orabug:\n 29050538]\n\n - mm: Check if section present during memory block (un)registering (Yinghai Lu) [Orabug: 29050538]\n\n - hugetlb: take PMD sharing into account when flushing tlb/caches (Mike Kravetz) [Orabug: 28951854]\n\n - mm: migration: fix migration of huge PMD shared pages (Mike Kravetz) [Orabug: 28951854]\n\n - hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896255]\n\n - rds: ib: Improve tracing during failover/back (Håkon Bugge) [Orabug: 28860366]\n\n - rds: ib: Remove superfluous add of address on fail-back device (Håkon Bugge) [Orabug: 28860366]\n\n - libiscsi: Fix NULL pointer dereference in
iscsi_eh_session_reset (Fred Herard) [Orabug: 28946207]\n\n - wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951265] (CVE-2018-5848)\n\n - netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037831] (CVE-2017-17450)\n\n - x86/speculation: Fix bad argument to rdmsrl in cpu_set_bug_bits (Alejandro Jimenez) [Orabug: 29044805]", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-02-06T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-17450", "CVE-2017-18079", "CVE-2017-18174", "CVE-2017-18221", "CVE-2017-18255", "CVE-2017-9725", "CVE-2018-1092", "CVE-2018-1094", "CVE-2018-18397", "CVE-2018-19824", "CVE-2018-5848", "CVE-2018-7995", "CVE-2018-9363", "CVE-2018-9516", "CVE-2019-5489"], "modified": "2022-05-25T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2019-0002.NASL", "href": "https://www.tenable.com/plugins/nessus/121605", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2019-0002.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(121605);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\"CVE-2017-17450\", \"CVE-2017-18079\", \"CVE-2017-18174\", \"CVE-2017-18221\", \"CVE-2017-18255\", \"CVE-2017-9725\", \"CVE-2018-1092\", \"CVE-2018-1094\", \"CVE-2018-18397\", \"CVE-2018-19824\", \"CVE-2018-5848\", \"CVE-2018-7995\", \"CVE-2018-9363\", \"CVE-2018-9516\", \"CVE-2019-5489\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0002)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n 
attribute:\"synopsis\",\n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - rds: congestion updates can be missed when kernel low on\n memory (Mukesh Kacker) [Orabug: 28425811]\n\n - net/rds: ib: Fix endless RNR Retries caused by memory\n allocation failures (Venkat Venkatsubra) [Orabug:\n 28127993]\n\n - net: rds: fix excess initialization of the recv SGEs\n (Zhu Yanjun) [Orabug: 29004503]\n\n - xhci: fix usb2 resume timing and races. (Mathias Nyman)\n [Orabug: 29028940]\n\n - xhci: Fix a race in usb2 LPM resume, blocking U3 for\n usb2 devices (Mathias Nyman) [Orabug: 29028940]\n\n - userfaultfd: check VM_MAYWRITE was set after verifying\n the uffd is registered (Andrea Arcangeli) [Orabug:\n 29163750] (CVE-2018-18397)\n\n - userfaultfd: shmem/hugetlbfs: only allow to register\n VM_MAYWRITE vmas (Andrea Arcangeli) [Orabug: 29163750]\n (CVE-2018-18397)\n\n - x86/apic/x2apic: set affinity of a single interrupt to\n one cpu (Jianchao Wang) [Orabug: 29196396]\n\n - xen/blkback: rework validate_io_op (Dongli Zhang)\n [Orabug: 29199843]\n\n - xen/blkback: optimize validate_io_op to filter\n BLKIF_OP_RESERVED_1 operation (Dongli Zhang) [Orabug:\n 29199843]\n\n - xen/blkback: do not BUG for invalid blkif_request from\n frontend (Dongli Zhang) [Orabug: 29199843]\n\n - net/rds: WARNING: at net/rds/recv.c:222\n rds_recv_hs_exthdrs+0xf8/0x1e0 (Venkat Venkatsubra)\n [Orabug: 29201779]\n\n - xen-netback: wake up xenvif_dealloc_kthread when it\n should stop (Dongli Zhang) [Orabug: 29217927]\n\n - Revert 'xfs: remove nonblocking mode from\n xfs_vm_writepage' (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: remove xfs_cancel_ioend' (Wengang Wang)\n [Orabug: 29279692]\n\n - Revert 'xfs: Introduce writeback context for writepages'\n (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: 
xfs_cluster_write is redundant' (Wengang\n Wang) [Orabug: 29279692]\n\n - Revert 'xfs: factor mapping out of xfs_do_writepage'\n (Wengang Wang) [Orabug: 29279692]\n\n - Revert 'xfs: don't chain ioends during writepage\n submission' (Wengang Wang) [Orabug: 29279692]\n\n - mstflint: Fix coding style issues - left with\n LINUX_VERSION_CODE (Idan Mehalel) [Orabug: 28878697]\n\n - mstflint: Fix coding-style issues (Idan Mehalel)\n [Orabug: 28878697]\n\n - mstflint: Fix errors found with checkpatch script (Idan\n Mehalel) [Orabug: 28878697]\n\n - Added support for 5th Gen devices in Secure Boot module\n and mtcr (Adham Masarwah) [Orabug: 28878697]\n\n - Fix typos in mst_kernel (Adham Masarwah) [Orabug:\n 28878697]\n\n - bnxt_en: Report PCIe link properties with\n pcie_print_link_status (Brian Maly) [Orabug: 28942099]\n\n - selinux: Perform both commoncap and selinux xattr checks\n (Eric W. Biederman) [Orabug: 28951521]\n\n - Introduce v3 namespaced file capabilities (Serge E.\n Hallyn) [Orabug: 28951521]\n\n - rds: ib: Use a delay when reconnecting to the very same\n IP address (Håkon Bugge) [Orabug: 29138813]\n\n - Change mincore to count 'mapped' pages rather than\n 'cached' pages (Linus Torvalds) [Orabug: 29187415]\n (CVE-2019-5489)\n\n - NFSD: Set the attributes used to store the verifier for\n EXCLUSIVE4_1 (Kinglong Mee) [Orabug: 29204157]\n\n - ext4: update i_disksize when new eof exceeds it (Shan\n Hai) [Orabug: 28940828]\n\n - ext4: update i_disksize if direct write past ondisk size\n (Eryu Guan) [Orabug: 28940828]\n\n - ext4: protect i_disksize update by i_data_sem in direct\n write path (Eryu Guan) [Orabug: 28940828]\n\n - ALSA: usb-audio: Fix UAF decrement if card has no live\n interfaces in card.c (Hui Peng) [Orabug: 29042981]\n (CVE-2018-19824)\n\n - ALSA: usb-audio: Replace probing flag with active\n refcount (Takashi Iwai) [Orabug: 29042981]\n (CVE-2018-19824)\n\n - ALSA: usb-audio: Avoid nested autoresume calls (Takashi\n Iwai) [Orabug: 29042981]
(CVE-2018-19824)\n\n - ext4: validate that metadata blocks do not overlap\n superblock (Theodore Ts'o) [Orabug: 29114440]\n (CVE-2018-1094)\n\n - ext4: update inline int ext4_has_metadata_csum(struct\n super_block *sb) (John Donnelly) [Orabug: 29114440]\n (CVE-2018-1094)\n\n - ext4: always initialize the crc32c checksum driver\n (Theodore Ts'o) [Orabug: 29114440] (CVE-2018-1094)\n (CVE-2018-1094)\n\n - Revert 'bnxt_en: Reduce default rings on multi-port\n cards.' (Brian Maly) [Orabug: 28687746]\n\n - mlx4_core: Disable P_Key Violation Traps (Håkon\n Bugge) [Orabug: 27693633]\n\n - rds: RDS connection does not reconnect after CQ access\n violation error (Venkat Venkatsubra) [Orabug: 28733324]\n\n - KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL\n (KarimAllah Ahmed) [Orabug: 28069548]\n\n - KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL -\n reloaded (Mihai Carabas) [Orabug: 28069548]\n\n - KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28069548]\n\n - KVM: x86: pass host_initiated to functions that read\n MSRs (Paolo Bonzini) [Orabug: 28069548]\n\n - KVM: VMX: make MSR bitmaps per-VCPU (Paolo Bonzini)\n [Orabug: 28069548]\n\n - KVM: VMX: introduce alloc_loaded_vmcs (Paolo Bonzini)\n [Orabug: 28069548]\n\n - KVM: nVMX: Eliminate vmcs02 pool (Jim Mattson) [Orabug:\n 28069548]\n\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing\n L0 x2APIC (Radim Krčmář) [Orabug:\n 28069548]\n\n - ocfs2: don't clear bh uptodate for block read (Junxiao\n Bi) [Orabug: 28762940]\n\n - ocfs2: clear journal dirty flag after shutdown journal\n (Junxiao Bi) [Orabug: 28924775]\n\n - ocfs2: fix panic due to unrecovered local alloc (Junxiao\n Bi) [Orabug: 28924775]\n\n - net: rds: fix rds_ib_sysctl_max_recv_allocation error\n (Zhu Yanjun) [Orabug: 28947481]\n\n - x86/speculation: Always disable IBRS in\n disable_ibrs_and_friends (Alejandro Jimenez) [Orabug:\n 29139710]\n\n - pinctrl: amd: Use devm_pinctrl_register for pinctrl\n registration (Laxman Dewangan) [Orabug:
27539246]\n (CVE-2017-18174)\n\n - mlock: fix mlock count can not decrease in race\n condition (Yisheng Xie) [Orabug: 27677611]\n (CVE-2017-18221)\n\n - perf/core: Fix the perf_cpu_time_max_percent check (Tan\n Xiaojun) [Orabug: 27823815] (CVE-2017-18255)\n\n - x86/microcode/intel: Fix a wrong assignment of revision\n in _save_mc (Zhenzhong Duan) [Orabug: 28190263]\n\n - mm: cma: fix incorrect type conversion for size during\n dma allocation (Rohit Vaswani) [Orabug: 28407826]\n (CVE-2017-9725)\n\n - x86/speculation: Make enhanced IBRS the default spectre\n v2 mitigation (Alejandro Jimenez) [Orabug: 28474851]\n\n - x86/speculation: Enable enhanced IBRS usage (Alejandro\n Jimenez) [Orabug: 28474851]\n\n - x86/speculation: functions for supporting enhanced IBRS\n (Alejandro Jimenez) [Orabug: 28474851]\n\n - xen/blkback: fix disconnect while I/Os in flight\n (Juergen Gross) [Orabug: 28744234]\n\n - mlx4_vnic: use the mlid while calling ib_detach_mcast\n (aru kolappan) [Orabug: 29029705]\n\n - ext4: fail ext4_iget for root directory if unallocated\n (Theodore Ts'o) [Orabug: 29048557] (CVE-2018-1092)\n (CVE-2018-1092)\n\n - Bluetooth: hidp: buffer overflow in hidp_process_report\n (Mark Salyzyn) [Orabug: 29121215] (CVE-2018-9363)\n (CVE-2018-9363)\n\n - HID: debug: check length before copy_to_user (Daniel\n Rosenberg) [Orabug: 29128165] (CVE-2018-9516)\n\n - x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug:\n 29149888] (CVE-2018-7995)\n\n - Input: i8042 - fix crash at boot time (Chen Hong)\n [Orabug: 29152328] (CVE-2017-18079)\n\n - base/memory, hotplug: fix a kernel oops in\n show_valid_zones (Toshi Kani) [Orabug: 29050538]\n\n - mm/memory_hotplug.c: check start_pfn in\n test_pages_in_a_zone (Toshi Kani) [Orabug: 29050538]\n\n - drivers/base/memory.c: prohibit offlining of memory\n blocks with missing sections (Seth Jennings) [Orabug:\n 29050538]\n\n - mm: Check if section present during memory block\n (un)registering (Yinghai Lu) [Orabug: 29050538]\n\n - 
hugetlb: take PMD sharing into account when flushing\n tlb/caches (Mike Kravetz) [Orabug: 28951854]\n\n - mm: migration: fix migration of huge PMD shared pages\n (Mike Kravetz) [Orabug: 28951854]\n\n - hugetlbfs: use truncate mutex to prevent pmd sharing\n race (Mike Kravetz) [Orabug: 28896255]\n\n - rds: ib: Improve tracing during failover/back\n (Håkon Bugge) [Orabug: 28860366]\n\n - rds: ib: Remove superfluous add of address on fail-back\n device (Håkon Bugge) [Orabug: 28860366]\n\n - libiscsi: Fix NULL pointer dereference in\n iscsi_eh_session_reset (Fred Herard) [Orabug: 28946207]\n\n - wil6210: missing length check in wmi_set_ie (Lior David)\n [Orabug: 28951265] (CVE-2018-5848)\n\n - netfilter: xt_osf: Add missing permission checks (Kevin\n Cernekee) [Orabug: 29037831] (CVE-2017-17450)\n\n - x86/speculation: Fix bad argument to rdmsrl in\n cpu_set_bug_bits (Alejandro Jimenez) [Orabug: 29044805]\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2019-February/000927.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e632fc23\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-9725\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/09/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! 
preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-124.24.5.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-124.24.5.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-09T00:26:07", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The hid_input_field() function in 'drivers/hid/hid-core.c' in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device.(CVE-2016-7915)\n\n - The Linux kernel, before version 4.14.2, is vulnerable to a deadlock caused by fs/ocfs2/file.c:ocfs2_setattr(), as the function does not wait for DIO requests before locking the inode.\n This can be exploited by local users to cause a subsequent denial of service.(CVE-2017-18204)\n\n - The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c 
in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.(CVE-2017-9605)\n\n - Use-after-free vulnerability in the nfqnl_zcopy function in net/netfilter/nfnetlink_queue_core.c in the Linux kernel through 3.13.6 allows attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation. NOTE: the affected code was moved to the skb_zerocopy function in net/core/skbuff.c before the vulnerability was announced.(CVE-2014-2568)\n\n - It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service.(CVE-2014-9420)\n\n - An integer overflow vulnerability was found in the ring_buffer_resize() calculations in which a privileged user can adjust the size of the ringbuffer message size. These calculations can create an issue where the kernel memory allocator will not allocate the correct count of pages yet expect them to be usable. This can lead to the ftrace() output to appear to corrupt kernel memory and possibly be used for privileged escalation or more likely kernel panic.(CVE-2016-9754)\n\n - A symlink size validation was missing in Linux kernels built with UDF file system (CONFIG_UDF_FS) support, allowing the corruption of kernel memory. 
An attacker able to mount a corrupted/malicious UDF file system image could cause the kernel to crash.(CVE-2014-9730)\n\n - It was found that in the Linux kernel, in vmw_surface_define_ioctl() function in 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a 'num_sizes' parameter is assigned a user-controlled value which is not checked if it is zero. This is used in a call to kmalloc() and later leads to dereferencing ZERO_SIZE_PTR, which in turn leads to a GPF and possibly to a kernel panic.(CVE-2017-7261)\n\n - A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash.(CVE-2014-9529)\n\n - A flaw was found in the Linux kernel's implementation of i8042 serial ports. An attacker could cause a kernel panic if they are able to add and remove devices as the module is loaded.(CVE-2017-18079)\n\n - drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device.(CVE-2013-2892)\n\n - The __clear_user function in arch/arm64/lib/clear_user.S in the Linux kernel before 3.17.4 on the ARM64 platform allows local users to cause a denial of service (system crash) by reading one byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - A divide-by-zero vulnerability was found in a way the kernel processes TCP connections. The error can occur if a connection starts another cwnd reduction phase by setting tp->prior_cwnd to the current cwnd (0) in tcp_init_cwnd_reduction(). 
A remote, unauthenticated attacker could use this flaw to crash the kernel (denial of service).(CVE-2016-2070)\n\n - The adjust_branches function in kernel/bpf/verifier.c in the Linux kernel before 4.5 does not consider the delta in the backward-jump case, which allows local users to obtain sensitive information from kernel memory by creating a packet filter and then loading crafted BPF instructions.(CVE-2016-2383)\n\n - Systems using the infiniband support module ib_srpt were vulnerable to a denial of service by system crash by a local attacker who is able to abort writes to a device using this initiator.(CVE-2016-6327)\n\n - A security flaw was found in the Linux kernel in the mark_source_chains() function in 'net/ipv4/netfilter/ip_tables.c'. It is possible for a user-supplied 'ipt_entry' structure to have a large 'next_offset' field. This field is not bounds checked prior to writing to a counter value at the supplied offset.(CVE-2016-3134)\n\n - An out-of-bounds access issue was discovered in yurex_read() in drivers/usb/misc/yurex.c in the Linux kernel. 
A local attacker could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.(CVE-2018-16276)\n\n - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before 4.5.3 allows local users to cause a denial of service (kernel memory write operation) or possibly have unspecified other impact via a crafted number of planes in a VIDIOC_DQBUF ioctl call.(CVE-2016-4568)\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.(CVE-2017-16525)\n\n - The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.\n (CVE-2018-1094)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-2892", "CVE-2014-2568", "CVE-2014-7843", "CVE-2014-9420", "CVE-2014-9529", "CVE-2014-9730", "CVE-2016-2070", "CVE-2016-2383", "CVE-2016-3134", "CVE-2016-4568", "CVE-2016-6327", "CVE-2016-7915", "CVE-2016-9754", "CVE-2017-16525", "CVE-2017-18079", "CVE-2017-18204", "CVE-2017-7261", "CVE-2017-9605", "CVE-2018-1094", "CVE-2018-16276"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1472.NASL", "href": "https://www.tenable.com/plugins/nessus/124796", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124796);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2013-2892\",\n \"CVE-2014-2568\",\n \"CVE-2014-7843\",\n \"CVE-2014-9420\",\n \"CVE-2014-9529\",\n \"CVE-2014-9730\",\n \"CVE-2016-2070\",\n \"CVE-2016-2383\",\n \"CVE-2016-3134\",\n \"CVE-2016-4568\",\n \"CVE-2016-6327\",\n \"CVE-2016-7915\",\n \"CVE-2016-9754\",\n \"CVE-2017-16525\",\n \"CVE-2017-18079\",\n \"CVE-2017-18204\",\n \"CVE-2017-7261\",\n \"CVE-2017-9605\",\n \"CVE-2018-1094\",\n \"CVE-2018-16276\"\n );\n 
script_bugtraq_id(\n 62049,\n 66348,\n 71082,\n 71717,\n 71880,\n 74964\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1472)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The hid_input_field() function in\n 'drivers/hid/hid-core.c' in the Linux kernel before 4.6\n allows physically proximate attackers to obtain\n sensitive information from kernel memory or cause a\n denial of service (out-of-bounds read) by connecting a\n device.(CVE-2016-7915)\n\n - The Linux kernel, before version 4.14.2, is vulnerable\n to a deadlock caused by\n fs/ocfs2/file.c:ocfs2_setattr(), as the function does\n not wait for DIO requests before locking the inode.\n This can be exploited by local users to cause a\n subsequent denial of service.(CVE-2017-18204)\n\n - The vmw_gb_surface_define_ioctl function (accessible\n via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in\n drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux\n kernel through 4.11.4 defines a backup_handle variable\n but does not give it an initial value. 
If one attempts\n to create a GB surface, with a previously allocated DMA\n buffer to be used as a backup buffer, the backup_handle\n variable does not get written to and is then later\n returned to user space, allowing local users to obtain\n sensitive information from uninitialized kernel memory\n via a crafted ioctl call.(CVE-2017-9605)\n\n - Use-after-free vulnerability in the nfqnl_zcopy\n function in net/netfilter/nfnetlink_queue_core.c in the\n Linux kernel through 3.13.6 allows attackers to obtain\n sensitive information from kernel memory by leveraging\n the absence of a certain orphaning operation. NOTE: the\n affected code was moved to the skb_zerocopy function in\n net/core/skbuff.c before the vulnerability was\n announced.(CVE-2014-2568)\n\n - It was found that the Linux kernel's ISO file system\n implementation did not correctly limit the traversal of\n Rock Ridge extension Continuation Entries (CE). An\n attacker with physical access to the system could use\n this flaw to trigger an infinite loop in the kernel,\n resulting in a denial of service.(CVE-2014-9420)\n\n - An integer overflow vulnerability was found in the\n ring_buffer_resize() calculations in which a privileged\n user can adjust the size of the ringbuffer message\n size. These calculations can create an issue where the\n kernel memory allocator will not allocate the correct\n count of pages yet expect them to be usable. This can\n lead to the ftrace() output to appear to corrupt kernel\n memory and possibly be used for privileged escalation\n or more likely kernel panic.(CVE-2016-9754)\n\n - A symlink size validation was missing in Linux kernels\n built with UDF file system (CONFIG_UDF_FS) support,\n allowing the corruption of kernel memory. 
An attacker\n able to mount a corrupted/malicious UDF file system\n image could cause the kernel to crash.(CVE-2014-9730)\n\n - It was found that in the Linux kernel, in\n vmw_surface_define_ioctl() function in\n 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file, a\n 'num_sizes' parameter is assigned a user-controlled\n value which is not checked if it is zero. This is used\n in a call to kmalloc() and later leads to dereferencing\n ZERO_SIZE_PTR, which in turn leads to a GPF and\n possibly to a kernel panic.(CVE-2017-7261)\n\n - A race condition flaw was found in the way the Linux\n kernel keys management subsystem performed key garbage\n collection. A local attacker could attempt accessing a\n key while it was being garbage collected, which would\n cause the system to crash.(CVE-2014-9529)\n\n - A flaw was found in the Linux kernel's implementation\n of i8042 serial ports. An attacker could cause a kernel\n panic if they are able to add and remove devices as the\n module is loaded.(CVE-2017-18079)\n\n - drivers/hid/hid-pl.c in the Human Interface Device\n (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PANTHERLORD is enabled, allows physically\n proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted\n device.(CVE-2013-2892)\n\n - The __clear_user function in\n arch/arm64/lib/clear_user.S in the Linux kernel before\n 3.17.4 on the ARM64 platform allows local users to\n cause a denial of service (system crash) by reading one\n byte beyond a /dev/zero page boundary.(CVE-2014-7843)\n\n - A divide-by-zero vulnerability was found in a way the\n kernel processes TCP connections. The error can occur\n if a connection starts another cwnd reduction phase by\n setting tp->prior_cwnd to the current cwnd (0) in\n tcp_init_cwnd_reduction(). 
A remote, unauthenticated\n attacker could use this flaw to crash the kernel\n (denial of service).(CVE-2016-2070)\n\n - The adjust_branches function in kernel/bpf/verifier.c\n in the Linux kernel before 4.5 does not consider the\n delta in the backward-jump case, which allows local\n users to obtain sensitive information from kernel\n memory by creating a packet filter and then loading\n crafted BPF instructions.(CVE-2016-2383)\n\n - Systems using the infiniband support module ib_srpt were\n vulnerable to a denial of service by system crash by a\n local attacker who is able to abort writes to a device\n using this initiator.(CVE-2016-6327)\n\n - A security flaw was found in the Linux kernel in the\n mark_source_chains() function in\n 'net/ipv4/netfilter/ip_tables.c'. It is possible for a\n user-supplied 'ipt_entry' structure to have a large\n 'next_offset' field. This field is not bounds checked\n prior to writing to a counter value at the supplied\n offset.(CVE-2016-3134)\n\n - An out-of-bounds access issue was discovered in\n yurex_read() in drivers/usb/misc/yurex.c in the Linux\n kernel. 
A local attacker could use user access\n read/writes with incorrect bounds checking in the yurex\n USB driver to crash the kernel or potentially escalate\n privileges.(CVE-2018-16276)\n\n - drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux\n kernel before 4.5.3 allows local users to cause a\n denial of service (kernel memory write operation) or\n possibly have unspecified other impact via a crafted\n number of planes in a VIDIOC_DQBUF ioctl\n call.(CVE-2016-4568)\n\n - The usb_serial_console_disconnect function in\n drivers/usb/serial/console.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (use-after-free and system crash) or possibly\n have unspecified other impact via a crafted USB device,\n related to disconnection and failed\n setup.(CVE-2017-16525)\n\n - The Linux kernel is vulnerable to a NULL pointer\n dereference in the ext4/xattr.c:ext4_xattr_inode_hash()\n function. An attacker could trick a legitimate user or\n a privileged attacker could exploit this to cause a\n NULL pointer dereference with a crafted ext4 image.\n (CVE-2018-1094)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1472\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?349d271e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-16276\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:22:31", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel, before 4.13.8, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16533)\n\n - The cdc_parse_cdc_header() function in 'drivers/usb/core/message.c' in the Linux kernel, before 4.13.6, allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-16534)\n\n - The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel can allow local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16535)\n\n - The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16536)\n\n - The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16537)\n\n - The drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel, through 4.13.11, allows local users to cause a 
denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).(CVE-2017-16538)\n\n - The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16643)\n\n - The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16644)\n\n - The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel, through 4.13.11, allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16645)\n\n - The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16649)\n\n - The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.(CVE-2017-16650)\n\n - The Linux kernel is vulnerable to a use-after-free flaw when the Transformation User configuration interface (CONFIG_XFRM_USER) compile-time configuration was enabled. This vulnerability occurs while closing a xfrm netlink socket in xfrm_dump_policy_done. 
A user/process could abuse this flaw to potentially escalate their privileges on a system.(CVE-2017-16939)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations. This allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.(CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, through 4.14.4, does not restrict observations of Netlink messages to a single net namespace, when CONFIG_NLMON is enabled. This allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.(CVE-2017-17449)\n\n - net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. This allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all network namespaces.(CVE-2017-17450)\n\n - The usb_destroy_configuration() function, in 'drivers/usb/core/config.c' in the USB core subsystem, in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources. This allows local users to cause a denial of service, due to out-of-bounds write access, or possibly have unspecified other impact via a crafted USB device. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. 
This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable.(CVE-2017-17805)\n\n - The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed.\n This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.(CVE-2017-17806)\n\n - The KEYS subsystem in the Linux kernel omitted an access-control check when writing a key to the current task's default keyring, allowing a local user to bypass security checks to the keyring. This compromises the validity of the keyring for those who rely on it.(CVE-2017-17807)\n\n - A flaw was found in the Linux kernel's implementation of i8042 serial ports. An attacker could cause a kernel panic if they are able to add and remove devices as the module is loaded.(CVE-2017-18079)\n\n - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM devices. 
Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.(CVE-2017-18208)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-16533", "CVE-2017-16534", "CVE-2017-16535", "CVE-2017-16536", "CVE-2017-16537", "CVE-2017-16538", "CVE-2017-16643", "CVE-2017-16644", "CVE-2017-16645", "CVE-2017-16649", "CVE-2017-16650", "CVE-2017-16939", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17558", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-17807", "CVE-2017-18079", "CVE-2017-18203", "CVE-2017-18208"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1501.NASL", "href": "https://www.tenable.com/plugins/nessus/124824", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(124824);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-16533\",\n \"CVE-2017-16534\",\n \"CVE-2017-16535\",\n \"CVE-2017-16536\",\n \"CVE-2017-16537\",\n \"CVE-2017-16538\",\n \"CVE-2017-16643\",\n \"CVE-2017-16644\",\n \"CVE-2017-16645\",\n \"CVE-2017-16649\",\n \"CVE-2017-16650\",\n \"CVE-2017-16939\",\n \"CVE-2017-17448\",\n \"CVE-2017-17449\",\n \"CVE-2017-17450\",\n \"CVE-2017-17558\",\n \"CVE-2017-17805\",\n \"CVE-2017-17806\",\n \"CVE-2017-17807\",\n \"CVE-2017-18079\",\n \"CVE-2017-18203\",\n \"CVE-2017-18208\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - The usbhid_parse function in\n drivers/hid/usbhid/hid-core.c in the Linux kernel,\n before 4.13.8, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device.(CVE-2017-16533)\n\n - The cdc_parse_cdc_header() function in\n 'drivers/usb/core/message.c' in the Linux kernel,\n before 4.13.6, allows local users to cause a denial of\n service (out-of-bounds read and system crash) or\n possibly have unspecified other impact via a crafted\n USB device. 
Due to the nature of the flaw, privilege\n escalation cannot be fully ruled out, although we\n believe it is unlikely.(CVE-2017-16534)\n\n - The usb_get_bos_descriptor function in\n drivers/usb/core/config.c in the Linux kernel can allow\n local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16535)\n\n - The cx231xx_usb_probe function in\n drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (NULL pointer dereference and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16536)\n\n - The imon_probe function in drivers/media/rc/imon.c in\n the Linux kernel through 4.13.11 allows local users to\n cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact\n via a crafted USB device.(CVE-2017-16537)\n\n - The drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux\n kernel, through 4.13.11, allows local users to cause a\n denial of service (general protection fault and system\n crash) or possibly have unspecified other impact via a\n crafted USB device, related to a missing warm-start\n check and incorrect attach timing\n (dm04_lme2510_frontend_attach versus\n dm04_lme2510_tuner).(CVE-2017-16538)\n\n - The parse_hid_report_descriptor function in\n drivers/input/tablet/gtco.c in the Linux kernel before\n 4.13.11 allows local users to cause a denial of service\n (out-of-bounds read and system crash) or possibly have\n unspecified other impact via a crafted USB\n device.(CVE-2017-16643)\n\n - The hdpvr_probe function in\n drivers/media/usb/hdpvr/hdpvr-core.c in the Linux\n kernel through 4.13.11 allows local users to cause a\n denial of service (improper error handling and system\n crash) or possibly have unspecified other impact via a\n crafted USB device.(CVE-2017-16644)\n\n - The
ims_pcu_get_cdc_union_desc function in\n drivers/input/misc/ims-pcu.c in the Linux kernel,\n through 4.13.11, allows local users to cause a denial\n of service (ims_pcu_parse_cdc_data out-of-bounds read\n and system crash) or possibly have unspecified other\n impact via a crafted USB device.(CVE-2017-16645)\n\n - The usbnet_generic_cdc_bind function in\n drivers/net/usb/cdc_ether.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16649)\n\n - The qmi_wwan_bind function in\n drivers/net/usb/qmi_wwan.c in the Linux kernel through\n 4.13.11 allows local users to cause a denial of service\n (divide-by-zero error and system crash) or possibly\n have unspecified other impact via a crafted USB\n device.(CVE-2017-16650)\n\n - The Linux kernel is vulnerable to a use-after-free flaw\n when Transformation User configuration\n interface(CONFIG_XFRM_USER) compile-time configuration\n were enabled. This vulnerability occurs while closing a\n xfrm netlink socket in xfrm_dump_policy_done. A\n user/process could abuse this flaw to potentially\n escalate their privileges on a system.(CVE-2017-16939)\n\n - The net/netfilter/nfnetlink_cthelper.c function in the\n Linux kernel through 4.14.4 does not require the\n CAP_NET_ADMIN capability for new, get, and del\n operations. This allows local users to bypass intended\n access restrictions because the nfnl_cthelper_list data\n structure is shared across all net\n namespaces.(CVE-2017-17448)\n\n - The __netlink_deliver_tap_skb function in\n net/netlink/af_netlink.c in the Linux kernel, through\n 4.14.4, does not restrict observations of Netlink\n messages to a single net namespace, when CONFIG_NLMON\n is enabled.
This allows local users to obtain sensitive\n information by leveraging the CAP_NET_ADMIN capability\n to sniff an nlmon interface for all Netlink activity on\n the system.(CVE-2017-17449)\n\n - net/netfilter/xt_osf.c in the Linux kernel through\n 4.14.4 does not require the CAP_NET_ADMIN capability\n for add_callback and remove_callback operations. This\n allows local users to bypass intended access\n restrictions because the xt_osf_fingers data structure\n is shared across all network\n namespaces.(CVE-2017-17450)\n\n - The usb_destroy_configuration() function, in\n 'drivers/usb/core/config.c' in the USB core subsystem,\n in the Linux kernel through 4.14.5 does not consider\n the maximum number of configurations and interfaces\n before attempting to release resources. This allows\n local users to cause a denial of service, due to\n out-of-bounds write access, or possibly have\n unspecified other impact via a crafted USB device. Due\n to the nature of the flaw, privilege escalation cannot\n be fully ruled out, although we believe it is\n unlikely.(CVE-2017-17558)\n\n - The Salsa20 encryption algorithm in the Linux kernel,\n before 4.14.8, does not correctly handle zero-length\n inputs. This allows a local attacker the ability to use\n the AF_ALG-based skcipher interface to cause a denial\n of service (uninitialized-memory free and kernel crash)\n or have an unspecified other impact by executing a\n crafted sequence of system calls that use the\n blkcipher_walk API. 
Both the generic implementation\n (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 are\n vulnerable.(CVE-2017-17805)\n\n - The HMAC implementation (crypto/hmac.c) in the Linux\n kernel, before 4.14.8, does not validate that the\n underlying cryptographic hash algorithm is unkeyed.\n This allows a local attacker, able to use the\n AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash\n algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack\n buffer overflow by executing a crafted sequence of\n system calls that encounter a missing SHA-3\n initialization.(CVE-2017-17806)\n\n - The KEYS subsystem in the Linux kernel omitted an\n access-control check when writing a key to the current\n task's default keyring, allowing a local user to bypass\n security checks to the keyring. This compromises the\n validity of the keyring for those who rely on\n it.(CVE-2017-17807)\n\n - A flaw was found in the Linux kernel's implementation\n of i8042 serial ports. An attacker could cause a kernel\n panic if they are able to add and remove devices as the\n module is loaded.(CVE-2017-18079)\n\n - The Linux kernel, before version 4.14.3, is vulnerable\n to a denial of service in\n drivers/md/dm.c:dm_get_from_kobject() which can be\n caused by local users leveraging a race condition with\n __dm_destroy() during creation and removal of DM\n devices. Only privileged local users (with\n CAP_SYS_ADMIN capability) can directly perform the\n ioctl operations for dm device creation and removal and\n this would typically be outside the direct control of\n the unprivileged attacker.(CVE-2017-18203)\n\n - The madvise_willneed function in the Linux kernel\n allows local users to cause a denial of service\n (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping.(CVE-2017-18208)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1501\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4cf08299\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18079\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.6_42\",\n \"kernel-devel-3.10.0-862.14.1.6_42\",\n \"kernel-headers-3.10.0-862.14.1.6_42\",\n \"kernel-tools-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-3.10.0-862.14.1.6_42\",\n \"kernel-tools-libs-devel-3.10.0-862.14.1.6_42\",\n \"perf-3.10.0-862.14.1.6_42\",\n \"python-perf-3.10.0-862.14.1.6_42\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T16:11:50", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4316 advisory. - The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot. (CVE-2015-7837) - The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841) - The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. (CVE-2017-18017) - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition. (CVE-2018-1000004) - The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. 
Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805) - The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image. (CVE-2018-1092) - In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. (CVE-2018-5848) - Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. (CVE-2018-7757) - It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. (CVE-2018-10902) - An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel.\nAndroid ID A-65023233. (CVE-2017-13168) - ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in http://www.nessus.org/u?5d4e77b1 already. 
The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it virtually impossible to exploit. (CVE-2018-1000204) - An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. (CVE-2018-18710) - The UDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows local users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related to fs/udf/inode.c and fs/udf/symlink.c. (CVE-2014-9728) - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. (CVE-2016-3713) - The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. (CVE-2017-17806) - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. 
The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755) - ** DISPUTED\n** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.\n(CVE-2018-10021) - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated. (CVE-2017-18079) - An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.\n(CVE-2017-14051) - net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces. (CVE-2017-17450) - ** DISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to the check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated that this report is not security relevant. 
(CVE-2018-7995) - In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-71361580. (CVE-2018-9516) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-01-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4316)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9728", "CVE-2015-7837", "CVE-2016-3713", "CVE-2016-3841", "CVE-2017-13168", "CVE-2017-14051", "CVE-2017-17450", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-18017", "CVE-2017-18079", "CVE-2018-1000004", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-10940", "CVE-2018-16658", "CVE-2018-18710", "CVE-2018-5848", "CVE-2018-7755", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-9516"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.29.1.el6uek", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.29.1.el7uek", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2019-4316.NASL", "href": "https://www.tenable.com/plugins/nessus/120977", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory 
ELSA-2019-4316.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120977);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2016-3841\",\n \"CVE-2017-14051\",\n \"CVE-2017-17450\",\n \"CVE-2017-18079\",\n \"CVE-2018-1092\",\n \"CVE-2018-5848\",\n \"CVE-2018-7995\",\n \"CVE-2018-9516\",\n \"CVE-2018-1000004\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4316)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2019-4316 advisory. - The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG\n2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot\nrestrictions by leveraging improper handling of secure_boot flag across kexec reboot. (CVE-2015-7837) - The IPv6\nstack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause\na denial of service (use-after-free and system crash) via a crafted sendmsg system call. (CVE-2016-3841) - The\ntcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36,\nallows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have\nunspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. (CVE-2017-18017) - In the\nLinux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound\nsystem, this can lead to a deadlock and denial of service condition. 
(CVE-2018-1000004) - The Salsa20 encryption\nalgorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker\nable to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service\n(uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of\nsystem calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86\nimplementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable. (CVE-2017-17805) - The ext4_iget\nfunction in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero\ni_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference\nand OOPS) via a crafted ext4 image. (CVE-2018-1092) - In the function wmi_set_ie(), the length validation code does\nnot handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a\nbuffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux\nKernel. (CVE-2018-5848) - Memory leak in the sas_smp_get_phy_events function in\ndrivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of\nservice (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by\nthe /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file. (CVE-2018-7757) - It was found that the raw midi\nkernel driver does not protect against concurrent access which leads to a double realloc (double free) in\nsnd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in\nrawmidi.c file. A malicious local attacker could possibly use this for privilege escalation. 
(CVE-2018-10902) -\nAn elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel.\nAndroid ID A-65023233. (CVE-2017-13168) - ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an\nSG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up\nto 1000 kernel heap pages to the userspace. This has been fixed upstream in http://www.nessus.org/u?5d4e77b1\nalready. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other\nhand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third\nparties dispute the relevance of this report, noting that the requirement for an attacker to have both the\nCAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it virtually impossible to exploit. (CVE-2018-1000204) - An\nissue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in\ndrivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to\nint interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. (CVE-2018-18710) - The\nUDF filesystem implementation in the Linux kernel before 3.18.2 does not validate certain lengths, which allows\nlocal users to cause a denial of service (buffer over-read and system crash) via a crafted filesystem image, related\nto fs/udf/inode.c and fs/udf/symlink.c. (CVE-2014-9728) - The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the\nLinux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data\nstructure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted\nioctl call. 
(CVE-2016-3713) - The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not\nvalidate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the\nAF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause\na kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3\ninitialization. (CVE-2017-17806) - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c\nin the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the\nFDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the\nlocation of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755) - ** DISPUTED\n** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of\nservice (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this\nreport because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables.\n(CVE-2018-10021) - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial\nof service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the\nport->exists value can change after it is validated. 
(CVE-2017-18079) - An integer overflow in the\nqla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10\nallows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.\n(CVE-2017-14051) - net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN\ncapability for add_callback and remove_callback operations, which allows local users to bypass intended access\nrestrictions because the xt_osf_fingers data structure is shared across all net namespaces. (CVE-2017-17450) - **\nDISPUTED ** Race condition in the store_int_with_restart() function in arch/x86/kernel/cpu/mcheck/mce.c in the Linux\nkernel through 4.15.7 allows local users to cause a denial of service (panic) by leveraging root access to write to\nthe check_interval file in a /sys/devices/system/machinecheck/machinecheck directory. NOTE: a third party has indicated\nthat this report is not security relevant. (CVE-2018-7995) - In hid_debug_events_read of drivers/hid/hid-debug.c,\nthere is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of\nprivilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android\nVersions: Android kernel Android ID: A-71361580. 
(CVE-2018-9516) Note that Nessus has not tested for this issue but\nhas instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-4316.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-18017\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.29.1.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.29.1.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.8.13-118.29.1.el6uek', '3.8.13-118.29.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-4316');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.8';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'dtrace-modules-3.8.13-118.29.1.el6uek-0.4.5-3.el6', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.29.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.29.1.el6uek', 'cpu':'x86_64', 'release':'6', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.29.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.29.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.29.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.29.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'},\n {'reference':'dtrace-modules-3.8.13-118.29.1.el7uek-0.4.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-3.8.13-118.29.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-3.8.13'},\n {'reference':'kernel-uek-debug-3.8.13-118.29.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-3.8.13'},\n {'reference':'kernel-uek-debug-devel-3.8.13-118.29.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-3.8.13'},\n {'reference':'kernel-uek-devel-3.8.13-118.29.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-3.8.13'},\n {'reference':'kernel-uek-doc-3.8.13-118.29.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-3.8.13'},\n {'reference':'kernel-uek-firmware-3.8.13-118.29.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-3.8.13'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if 
(!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'dtrace-modules-3.8.13-118.29.1.el6uek / dtrace-modules-3.8.13-118.29.1.el7uek / kernel-uek / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:20", "description": "[2.6.39-400.305.1]\n- ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059185] {CVE-2016-3841}\n- ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059185] {CVE-2016-3841}\n- scsi: qla2xxx: Fix 
an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220492] {CVE-2017-14051}\n- ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 28220543] {CVE-2018-1092} {CVE-2018-1092}\n- ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005191] {CVE-2018-1000004}\n- netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037833] {CVE-2017-17450}\n- HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128174] {CVE-2018-9516}\n- Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152330] {CVE-2017-18079}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-04T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3841", "CVE-2017-14051", "CVE-2017-17450", "CVE-2017-18079", "CVE-2018-1000004", "CVE-2018-1092", "CVE-2018-9516"], "modified": "2019-01-04T00:00:00", "id": "ELSA-2019-4317", "href": "http://linux.oracle.com/errata/ELSA-2019-4317.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2021-07-30T06:24:33", "description": "[4.1.12-124.24.1]\n- pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration (Laxman Dewangan) [Orabug: 27539246] {CVE-2017-18174}\n- mlock: fix mlock count can not decrease in race condition (Yisheng Xie) [Orabug: 27677611] {CVE-2017-18221}\n- perf/core: Fix the perf_cpu_time_max_percent check (Tan Xiaojun) [Orabug: 27823815] {CVE-2017-18255}\n- x86/microcode/intel: Fix a wrong assignment of revision in _save_mc (Zhenzhong Duan) [Orabug: 28190263] \n- mm: cma: fix incorrect type conversion for size during dma allocation (Rohit Vaswani) [Orabug: 28407826] {CVE-2017-9725}\n- x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474851] \n- x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474851] \n- x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474851] \n- xen/blkback: fix disconnect while I/Os in flight (Juergen Gross) [Orabug: 28744234] \n- mlx4_vnic: use the mlid while calling ib_detach_mcast (aru kolappan) [Orabug: 29029705] \n- ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 29048557] {CVE-2018-1092} {CVE-2018-1092}\n- Bluetooth: hidp: buffer overflow in hidp_process_report (Mark Salyzyn) [Orabug: 29121215] {CVE-2018-9363} {CVE-2018-9363}\n- HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128165] {CVE-2018-9516}\n- x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug: 29149888] {CVE-2018-7995}\n- Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152328] {CVE-2017-18079}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", 
"userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-03T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18079", "CVE-2017-18174", "CVE-2017-18221", "CVE-2017-18255", "CVE-2017-9725", "CVE-2018-1092", "CVE-2018-7995", "CVE-2018-9363", "CVE-2018-9516"], "modified": "2019-01-03T00:00:00", "id": "ELSA-2019-4315", "href": "http://linux.oracle.com/errata/ELSA-2019-4315.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:25:10", "description": "kernel-uek\n[3.8.13-118.29.1]\n- Copy secure_boot flag in boot params across kexec reboot (Dave Young) [Orabug: 22066352] {CVE-2015-7837}\n- ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841}\n- ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841}\n- scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220420] {CVE-2017-14051}\n- ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 28220433] {CVE-2018-1092} {CVE-2018-1092}\n- certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926205] \n- ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005190] {CVE-2018-1000004}\n- netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037832] {CVE-2017-17450}\n- 
wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 29060697] {CVE-2018-5848}\n- HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128167] {CVE-2018-9516}\n- x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug: 29152249] {CVE-2018-7995}\n- Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152329] {CVE-2017-18079}", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2019-01-04T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9728", "CVE-2015-7837", "CVE-2016-3713", "CVE-2016-3841", "CVE-2017-13168", "CVE-2017-14051", "CVE-2017-17450", "CVE-2017-17805", "CVE-2017-17806", "CVE-2017-18017", "CVE-2017-18079", "CVE-2018-1000004", "CVE-2018-1000204", "CVE-2018-10021", "CVE-2018-10902", "CVE-2018-1092", "CVE-2018-18710", "CVE-2018-5848", "CVE-2018-7755", "CVE-2018-7757", "CVE-2018-7995", "CVE-2018-9516"], "modified": "2019-01-04T00:00:00", "id": "ELSA-2019-4316", "href": "http://linux.oracle.com/errata/ELSA-2019-4316.html", "cvss": {"score": 10.0, "vector": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-03-12T15:38:07", "description": "The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact because the\n port->exists value can change after it is validated (bnc#1077922).\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed\n attackers to obtain potentially sensitive information from kernel\n memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and 
include/trace/events/kvm.h (bnc#1073311).\n - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream\n kernel skcipher. (bnc#1075908).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n exists in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - Enable CPU vulnerabilities reporting via sysfs\n - fork: clear thread stack upon allocation (bsc#1077560).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - Move kABI fixup for retpolines to proper place.\n - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,\n LTC#163741).\n - storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075410).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bsc#1075994\n bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n - x86/kaiser: Populate shadow PGD with NX bit only if supported by\n platform (bsc#1076154 bsc#1076278).\n - x86/kaiser: use trampoline stack for kernel entry.\n - x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).\n - x86/microcode/intel: Extend BDW 
late-loading further with LLC size check\n (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bsc#1054305).\n - x86/microcode: Rescan feature flags upon late loading (bsc#1075994\n bsc#1075091).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly\n (bsc#1075994 bsc#1075091).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n", "cvss3": {}, "published": "2018-03-12T12:08:22", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "modified": "2018-03-12T12:08:22", "id": "SUSE-SU-2018:0660-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00030.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-23T00:10:16", "description": "The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact because the port->exists value\n can change after it is 
validated (bnc#1077922).\n - CVE-2015-1142857: Prevent guests from sending ethernet flow control\n pause frames via the PF (bnc#1077355).\n - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio stack-based\n out-of-bounds read (bnc#1073311).\n - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908).\n - CVE-2018-1000004: Prevent race condition in the sound system, this could\n have lead a deadlock and denial of service condition (bnc#1076017).\n - CVE-2017-17806: The HMAC implementation did not validate that the\n underlying cryptographic hash algorithm is unkeyed, allowing a local\n attacker able to use the AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\n executing a crafted sequence of system calls that encounter a missing\n SHA-3 initialization (bnc#1073874).\n - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly\n handle zero-length inputs, allowing a local attacker able to use the\n AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to\n cause a denial of service (uninitialized-memory free and kernel crash)\n or have unspecified other impact by executing a crafted sequence of\n system calls that use the blkcipher_walk API. 
Both the generic\n implementation (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable\n (bnc#1073792).\n\n The following non-security bugs were fixed:\n\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: Abstract out stuff needed for sorting (bsc#1076110).\n - bcache: Add a cond_resched() call to gc (bsc#1076110).\n - bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110).\n - bcache: Add bch_bkey_equal_header() (bsc#1076110).\n - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110).\n - bcache: Add bch_keylist_init_single() (bsc#1047626).\n - bcache: Add btree_insert_node() (bnc#951638).\n - bcache: Add btree_map() functions (bsc#1047626).\n - bcache: Add btree_node_write_sync() (bsc#1076110).\n - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).\n - bcache: Add make_btree_freeing_key() (bsc#1076110).\n - bcache: Add on error panic/unregister setting (bsc#1047626).\n - bcache: Add struct bset_sort_state (bsc#1076110).\n - bcache: Add struct btree_keys (bsc#1076110).\n - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).\n - bcache: Avoid deadlocking in garbage collection (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: Better alloc tracepoints (bsc#1076110).\n - bcache: Better full stripe scanning (bsc#1076110).\n - bcache: Bkey indexing renaming (bsc#1076110).\n - bcache: Break up struct search (bsc#1076110).\n - bcache: Btree verify code improvements (bsc#1076110).\n - bcache: Bypass torture test (bsc#1076110).\n - bcache: Change refill_dirty() to always scan entire disk if necessary\n (bsc#1076110).\n - bcache: Clean up cache_lookup_fn (bsc#1076110).\n - bcache: Clean up keylist code (bnc#951638).\n - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes()\n (bsc#1076110).\n - bcache: Convert bch_btree_read_async() to 
bch_btree_map_keys()\n (bsc#1076110).\n - bcache: Convert btree_insert_check_key() to btree_insert_node()\n (bnc#951638).\n - bcache: Convert btree_iter to struct btree_keys (bsc#1076110).\n - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert debug code to btree_keys (bsc#1076110).\n - bcache: Convert gc to a kthread (bsc#1047626).\n - bcache: Convert sorting to btree_keys (bsc#1076110).\n - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert writeback to a kthread (bsc#1076110).\n - bcache: Correct return value for sysfs attach errors (bsc#1076110).\n - bcache: Debug code improvements (bsc#1076110).\n - bcache: Delete some slower inline asm (bsc#1047626).\n - bcache: Do bkey_put() in btree_split() error path (bsc#1076110).\n - bcache: Do not bother with bucket refcount for btree node allocations\n (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: Do not return -EINTR when insert finished (bsc#1076110).\n - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).\n - bcache: Do not use op->insert_collision (bsc#1076110).\n - bcache: Drop some closure stuff (bsc#1076110).\n - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).\n - bcache: Explicitly track btree node's parent (bnc#951638).\n - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).\n - bcache: Fix a bug when detaching (bsc#951638).\n - bcache: Fix a journal replay bug (bsc#1076110).\n - bcache: Fix a journalling performance bug (bnc#893777).\n - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).\n - bcache: Fix a lockdep splat (bnc#893777).\n - bcache: Fix a lockdep splat in an error path (bnc#951638).\n - bcache: Fix a null ptr deref in journal replay (bsc#1047626).\n - bcache: Fix a race when freeing btree nodes (bsc#1076110).\n - bcache: Fix a shutdown bug (bsc#951638).\n - bcache: Fix an infinite loop in journal replay (bsc#1047626).\n - 
bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).\n - bcache: Fix another compiler warning on m68k (bsc#1076110).\n - bcache: Fix auxiliary search trees for key size greater than cacheline\n size (bsc#1076110).\n - bcache: Fix bch_ptr_bad() (bsc#1047626).\n - bcache: Fix building error on MIPS (bsc#1076110).\n - bcache: Fix dirty_data accounting (bsc#1076110).\n - bcache: Fix discard granularity (bsc#1047626).\n - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110).\n - bcache: Fix for can_attach_cache() (bsc#1047626).\n - bcache: Fix heap_peek() macro (bsc#1047626).\n - bcache: Fix leak of bdev reference (bsc#1076110).\n - bcache: Fix more early shutdown bugs (bsc#951638).\n - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).\n - bcache: Fix moving_pred() (bsc#1047626).\n - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - bcache: Fix to remove the rcu_sched stalls (bsc#1047626).\n - bcache: Have btree_split() insert into parent directly (bsc#1076110).\n - bcache: Improve bucket_prio() calculation (bsc#1047626).\n - bcache: Improve priority_stats (bsc#1047626).\n - bcache: Incremental gc (bsc#1076110).\n - bcache: Insert multiple keys at a time (bnc#951638).\n - bcache: Kill bch_next_recurse_key() (bsc#1076110).\n - bcache: Kill btree_io_wq (bsc#1076110).\n - bcache: Kill bucket->gc_gen (bsc#1076110).\n - bcache: Kill dead cgroup code (bsc#1076110).\n - bcache: Kill op->cl (bsc#1076110).\n - bcache: Kill op->replace (bsc#1076110).\n - bcache: Kill sequential_merge option (bsc#1076110).\n - bcache: Kill unaligned bvec hack (bsc#1076110).\n - bcache: Kill unused freelist (bsc#1076110).\n - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110).\n - bcache: Minor btree cache fix (bsc#1047626).\n - bcache: Minor fixes from kbuild robot (bsc#1076110).\n - bcache: Move insert_fixup() to 
btree_keys_ops (bsc#1076110).\n - bcache: Move keylist out of btree_op (bsc#1047626).\n - bcache: Move sector allocator to alloc.c (bsc#1076110).\n - bcache: Move some stuff to btree.c (bsc#1076110).\n - bcache: Move spinlock into struct time_stats (bsc#1076110).\n - bcache: New writeback PD controller (bsc#1047626).\n - bcache: PRECEDING_KEY() (bsc#1047626).\n - bcache: Performance fix for when journal entry is full (bsc#1047626).\n - bcache: Prune struct btree_op (bsc#1076110).\n - bcache: Pull on disk data structures out into a separate header\n (bsc#1076110).\n - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power\n of two (bsc#1076110).\n - bcache: Really show state of work pending bit (bsc#1076110).\n - bcache: Refactor bset_tree sysfs stats (bsc#1076110).\n - bcache: Refactor journalling flow control (bnc#951638).\n - bcache: Refactor read request code a bit (bsc#1076110).\n - bcache: Refactor request_write() (bnc#951638).\n - bcache: Remove deprecated create_workqueue (bsc#1076110).\n - bcache: Remove redundant block_size assignment (bsc#1047626).\n - bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: Remove unnecessary check in should_split() (bsc#1076110).\n - bcache: Remove/fix some header dependencies (bsc#1047626).\n - bcache: Rename/shuffle various code around (bsc#1076110).\n - bcache: Rework allocator reserves (bsc#1076110).\n - bcache: Rework btree cache reserve handling (bsc#1076110).\n - bcache: Split out sort_extent_cmp() (bsc#1076110).\n - bcache: Stripe size isn't necessarily a power of two (bnc#893949).\n - bcache: Trivial error handling fix (bsc#1047626).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: Use a mempool for mergesort temporary space (bsc#1076110).\n - bcache: Use blkdev_issue_discard() (bnc#951638).\n - bcache: Use ida for bcache block dev minor (bsc#1047626).\n - bcache: Use uninterruptible sleep 
in writeback (bsc#1076110).\n - bcache: Zero less memory (bsc#1076110).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: add mutex lock for bch_is_open (bnc#902893).\n - bcache: allows use of register in udev to avoid "device_busy" error\n (bsc#1047626).\n - bcache: bcache_write tracepoint was crashing (bsc#1076110).\n - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110).\n - bcache: bch_allocator_thread() is not freezable (bsc#1047626).\n - bcache: bch_gc_thread() is not freezable (bsc#1047626).\n - bcache: bch_writeback_thread() is not freezable (bsc#1076110).\n - bcache: btree locking rework (bsc#1076110).\n - bcache: bugfix - gc thread now gets woken when cache is full\n (bsc#1047626).\n - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).\n - bcache: bugfix for race between moving_gc and bucket_invalidate\n (bsc#1076110).\n - bcache: check ca->alloc_thread initialized before wake up it\n (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: cleaned up error handling around register_cache() (bsc#1047626).\n - bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bsc#1047626).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bsc#1076110).\n - bcache: defensively handle format strings (bsc#1047626).\n - bcache: do not embed 'return' statements in closure macros (bsc#1076110).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: explicitly destroy mutex while exiting (bsc#1076110).\n - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED\n (bsc#1047626).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: fix a livelock when 
we cause a huge number of cache misses\n (bsc#1047626).\n - bcache: fix bch_hprint crash and improve output (bsc#1076110).\n - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint\n (bsc#1047626).\n - bcache: fix crash on shutdown in passthrough mode (bsc#1076110).\n - bcache: fix for gc and write-back race (bsc#1076110).\n - bcache: fix for gc and writeback race (bsc#1047626).\n - bcache: fix for gc crashing when no sectors are used (bsc#1047626).\n - bcache: fix race of writeback thread starting before complete\n initialization (bsc#1076110).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix sparse non static symbol warning (bsc#1076110).\n - bcache: fix typo in bch_bkey_equal_header (bsc#1076110).\n - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).\n - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bsc#1076110).\n - bcache: gc does not work when triggering by manual command (bsc#1076110).\n - bcache: implement PI controller for writeback rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).\n - bcache: kill closure locking code (bsc#1076110).\n - bcache: kill closure locking usage (bnc#951638).\n - bcache: kill index() (bsc#1047626).\n - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bsc#1076110).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110).\n - bcache: pr_err: more meaningful error message when nr_stripes is invalid\n (bsc#1076110).\n - bcache: prevent crash on changing writeback_running (bsc#1076110).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: recover data from backing when data is clean (bsc#1076110).\n - bcache: register_bcache(): call blkdev_put() when 
cache_alloc() fails\n (bsc#1047626).\n - bcache: remove nested function usage (bsc#1076110).\n - bcache: remove unused parameter (bsc#1076110).\n - bcache: rewrite multiple partitions support (bsc#1076110).\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).\n - bcache: try to set b->parent properly (bsc#1076110).\n - bcache: update bch_bkey_try_merge (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: update document info (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use kvfree() in various places (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: wait for buckets when allocating new btree root (bsc#1076110).\n - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - block: bump BLK_DEF_MAX_SECTORS to 2560 (bsc#1073246)\n - fork: clear thread stack upon allocation (bsc#1077560).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).\n - md: more open-coded offset_in_page() (bsc#1076110).\n - nfsd: do not share group_info among threads (bsc@1070623).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1077182).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1077182).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1077182).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1077182).\n - powerpc/64s: Add 
support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1077182).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1077182).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1077182).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1077182).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1077182).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1077182).\n - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032,\n bsc#1077182).\n - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags > wrapper\n (bsc#1068032, bsc#1077182).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1077182).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1077182).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1077182).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1077182).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1077182).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1077182).\n - storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075411).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spectre_v2: fix 
ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n", "cvss3": {}, "published": "2018-02-22T21:07:21", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2017-17741", "CVE-2015-1142857", "CVE-2017-17805", "CVE-2017-5715", "CVE-2017-17806"], "modified": "2018-02-22T21:07:21", "id": "SUSE-SU-2018:0525-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00041.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-13T23:25:16", "description": "The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact because the port->exists value\n can change after it is validated (bnc#1077922)\n - CVE-2015-1142857: Prevent guests from sending ethernet flow control\n pause frames via the PF (bnc#1077355)\n - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive\n information from kernel memory, aka a write_mmio stack-based\n out-of-bounds read (bnc#1073311)\n - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908)\n - CVE-2018-1000004: Prevent race condition in the sound system, this could\n have 
led to a deadlock and denial of service condition (bnc#1076017)\n - CVE-2017-17806: The HMAC implementation did not validate that the\n underlying cryptographic hash algorithm is unkeyed, allowing a local\n attacker able to use the AF_ALG-based hash interface\n (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm\n (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by\n executing a crafted sequence of system calls that encounter a missing\n SHA-3 initialization (bnc#1073874)\n - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly\n handle zero-length inputs, allowing a local attacker able to use the\n AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to\n cause a denial of service (uninitialized-memory free and kernel crash)\n or have unspecified other impact by executing a crafted sequence of\n system calls that use the blkcipher_walk API. Both the generic\n implementation (crypto/salsa20_generic.c) and x86 implementation\n (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792)\n\n The following non-security bugs were fixed:\n\n - bcache allocator: send discards with correct size (bsc#1047626).\n - bcache.txt: standardize document format (bsc#1076110).\n - bcache: Abstract out stuff needed for sorting (bsc#1076110).\n - bcache: Add a cond_resched() call to gc (bsc#1076110).\n - bcache: Add a real GC_MARK_RECLAIMABLE (bsc#1076110).\n - bcache: Add bch_bkey_equal_header() (bsc#1076110).\n - bcache: Add bch_btree_keys_u64s_remaining() (bsc#1076110).\n - bcache: Add bch_keylist_init_single() (bsc#1047626).\n - bcache: Add btree_insert_node() (bnc#951638).\n - bcache: Add btree_map() functions (bsc#1047626).\n - bcache: Add btree_node_write_sync() (bsc#1076110).\n - bcache: Add explicit keylist arg to btree_insert() (bnc#951638).\n - bcache: Add make_btree_freeing_key() (bsc#1076110).\n - bcache: Add on error panic/unregister setting (bsc#1047626).\n - bcache: Add struct bset_sort_state (bsc#1076110).\n - 
bcache: Add struct btree_keys (bsc#1076110).\n - bcache: Allocate bounce buffers with GFP_NOWAIT (bsc#1076110).\n - bcache: Avoid deadlocking in garbage collection (bsc#1076110).\n - bcache: Avoid nested function definition (bsc#1076110).\n - bcache: Better alloc tracepoints (bsc#1076110).\n - bcache: Better full stripe scanning (bsc#1076110).\n - bcache: Bkey indexing renaming (bsc#1076110).\n - bcache: Break up struct search (bsc#1076110).\n - bcache: Btree verify code improvements (bsc#1076110).\n - bcache: Bypass torture test (bsc#1076110).\n - bcache: Change refill_dirty() to always scan entire disk if necessary\n (bsc#1076110).\n - bcache: Clean up cache_lookup_fn (bsc#1076110).\n - bcache: Clean up keylist code (bnc#951638).\n - bcache: Convert bch_btree_insert() to bch_btree_map_leaf_nodes()\n (bsc#1076110).\n - bcache: Convert bch_btree_read_async() to bch_btree_map_keys()\n (bsc#1076110).\n - bcache: Convert btree_insert_check_key() to btree_insert_node()\n (bnc#951638).\n - bcache: Convert btree_iter to struct btree_keys (bsc#1076110).\n - bcache: Convert bucket_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert debug code to btree_keys (bsc#1076110).\n - bcache: Convert gc to a kthread (bsc#1047626).\n - bcache: Convert sorting to btree_keys (bsc#1076110).\n - bcache: Convert try_wait to wait_queue_head_t (bnc#951638).\n - bcache: Convert writeback to a kthread (bsc#1076110).\n - bcache: Correct return value for sysfs attach errors (bsc#1076110).\n - bcache: Debug code improvements (bsc#1076110).\n - bcache: Delete some slower inline asm (bsc#1047626).\n - bcache: Do bkey_put() in btree_split() error path (bsc#1076110).\n - bcache: Do not bother with bucket refcount for btree node allocations\n (bsc#1076110).\n - bcache: Do not reinvent the wheel but use existing llist API\n (bsc#1076110).\n - bcache: Do not return -EINTR when insert finished (bsc#1076110).\n - bcache: Do not touch bucket gen for dirty ptrs (bsc#1076110).\n - bcache: Do not use 
op->insert_collision (bsc#1076110).\n - bcache: Drop some closure stuff (bsc#1076110).\n - bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).\n - bcache: Explicitly track btree node's parent (bnc#951638).\n - bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).\n - bcache: Fix a bug when detaching (bsc#951638).\n - bcache: Fix a journal replay bug (bsc#1076110).\n - bcache: Fix a journalling performance bug (bnc#893777).\n - bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).\n - bcache: Fix a lockdep splat (bnc#893777).\n - bcache: Fix a lockdep splat in an error path (bnc#951638).\n - bcache: Fix a null ptr deref in journal replay (bsc#1047626).\n - bcache: Fix a race when freeing btree nodes (bsc#1076110).\n - bcache: Fix a shutdown bug (bsc#951638).\n - bcache: Fix an infinite loop in journal replay (bsc#1047626).\n - bcache: Fix another bug recovering from unclean shutdown (bsc#1076110).\n - bcache: Fix another compiler warning on m68k (bsc#1076110).\n - bcache: Fix auxiliary search trees for key size > cacheline size\n (bsc#1076110).\n - bcache: Fix bch_ptr_bad() (bsc#1047626).\n - bcache: Fix building error on MIPS (bsc#1076110).\n - bcache: Fix dirty_data accounting (bsc#1076110).\n - bcache: Fix discard granularity (bsc#1047626).\n - bcache: Fix flash_dev_cache_miss() for real this time (bsc#1076110).\n - bcache: Fix for can_attach_cache() (bsc#1047626).\n - bcache: Fix heap_peek() macro (bsc#1047626).\n - bcache: Fix leak of bdev reference (bsc#1076110).\n - bcache: Fix more early shutdown bugs (bsc#951638).\n - bcache: Fix moving_gc deadlocking with a foreground write (bsc#1076110).\n - bcache: Fix moving_pred() (bsc#1047626).\n - bcache: Fix sysfs splat on shutdown with flash only devs (bsc#951638).\n - bcache: Fix to remove the rcu_sched stalls (bsc#1047626).\n - bcache: Have btree_split() insert into parent directly (bsc#1076110).\n - bcache: Improve bucket_prio() calculation (bsc#1047626).\n - bcache: Improve 
priority_stats (bsc#1047626).\n - bcache: Incremental gc (bsc#1076110).\n - bcache: Insert multiple keys at a time (bnc#951638).\n - bcache: Kill bch_next_recurse_key() (bsc#1076110).\n - bcache: Kill btree_io_wq (bsc#1076110).\n - bcache: Kill bucket->gc_gen (bsc#1076110).\n - bcache: Kill dead cgroup code (bsc#1076110).\n - bcache: Kill op->cl (bsc#1076110).\n - bcache: Kill op->replace (bsc#1076110).\n - bcache: Kill sequential_merge option (bsc#1076110).\n - bcache: Kill unaligned bvec hack (bsc#1076110).\n - bcache: Kill unused freelist (bsc#1076110).\n - bcache: Make bch_keylist_realloc() take u64s, not nptrs (bsc#1076110).\n - bcache: Make gc wakeup sane, remove set_task_state() (bsc#1076110).\n - bcache: Minor btree cache fix (bsc#1047626).\n - bcache: Minor fixes from kbuild robot (bsc#1076110).\n - bcache: Move insert_fixup() to btree_keys_ops (bsc#1076110).\n - bcache: Move keylist out of btree_op (bsc#1047626).\n - bcache: Move sector allocator to alloc.c (bsc#1076110).\n - bcache: Move some stuff to btree.c (bsc#1076110).\n - bcache: Move spinlock into struct time_stats (bsc#1076110).\n - bcache: New writeback PD controller (bsc#1047626).\n - bcache: PRECEDING_KEY() (bsc#1047626).\n - bcache: Performance fix for when journal entry is full (bsc#1047626).\n - bcache: Prune struct btree_op (bsc#1076110).\n - bcache: Pull on disk data structures out into a separate header\n (bsc#1076110).\n - bcache: RESERVE_PRIO is too small by one when prio_buckets() is a power\n of two (bsc#1076110).\n - bcache: Really show state of work pending bit (bsc#1076110).\n - bcache: Refactor bset_tree sysfs stats (bsc#1076110).\n - bcache: Refactor journalling flow control (bnc#951638).\n - bcache: Refactor read request code a bit (bsc#1076110).\n - bcache: Refactor request_write() (bnc#951638).\n - bcache: Remove deprecated create_workqueue (bsc#1076110).\n - bcache: Remove redundant block_size assignment (bsc#1047626).\n - bcache: Remove redundant parameter for cache_alloc() 
(bsc#1047626).\n - bcache: Remove redundant set_capacity (bsc#1076110).\n - bcache: Remove unnecessary check in should_split() (bsc#1076110).\n - bcache: Remove/fix some header dependencies (bsc#1047626).\n - bcache: Rename/shuffle various code around (bsc#1076110).\n - bcache: Rework allocator reserves (bsc#1076110).\n - bcache: Rework btree cache reserve handling (bsc#1076110).\n - bcache: Split out sort_extent_cmp() (bsc#1076110).\n - bcache: Stripe size isn't necessarily a power of two (bnc#893949).\n - bcache: Trivial error handling fix (bsc#1047626).\n - bcache: Update continue_at() documentation (bsc#1076110).\n - bcache: Use a mempool for mergesort temporary space (bsc#1076110).\n - bcache: Use blkdev_issue_discard() (bnc#951638).\n - bcache: Use ida for bcache block dev minor (bsc#1047626).\n - bcache: Use uninterruptible sleep in writeback (bsc#1076110).\n - bcache: Zero less memory (bsc#1076110).\n - bcache: add a comment in journal bucket reading (bsc#1076110).\n - bcache: add mutex lock for bch_is_open (bnc#902893).\n - bcache: allows use of register in udev to avoid "device_busy" error\n (bsc#1047626).\n - bcache: bcache_write tracepoint was crashing (bsc#1076110).\n - bcache: bch_(btree|extent)_ptr_invalid() (bsc#1076110).\n - bcache: bch_allocator_thread() is not freezable (bsc#1047626).\n - bcache: bch_gc_thread() is not freezable (bsc#1047626).\n - bcache: bch_writeback_thread() is not freezable (bsc#1076110).\n - bcache: btree locking rework (bsc#1076110).\n - bcache: bugfix - gc thread now gets woken when cache is full\n (bsc#1047626).\n - bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).\n - bcache: bugfix for race between moving_gc and bucket_invalidate\n (bsc#1076110).\n - bcache: check ca->alloc_thread initialized before wake up it\n (bsc#1076110).\n - bcache: check return value of register_shrinker (bsc#1076110).\n - bcache: cleaned up error handling around register_cache() (bsc#1047626).\n - bcache: clear 
BCACHE_DEV_UNLINK_DONE flag when attaching a backing\n device (bsc#1047626).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bsc#1076110).\n - bcache: defensively handle format strings (bsc#1047626).\n - bcache: do not embed 'return' statements in closure macros (bsc#1076110).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bsc#1076110).\n - bcache: do not write back data if reading it failed (bsc#1076110).\n - bcache: documentation formatting, edited for clarity, stripe alignment\n notes (bsc#1076110).\n - bcache: documentation updates and corrections (bsc#1076110).\n - bcache: explicitly destroy mutex while exiting (bsc#1076110).\n - bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED\n (bsc#1047626).\n - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110).\n - bcache: fix a livelock when we cause a huge number of cache misses\n (bsc#1047626).\n - bcache: fix bch_hprint crash and improve output (bsc#1076110).\n - bcache: fix crash in bcache_btree_node_alloc_fail tracepoint\n (bsc#1047626).\n - bcache: fix crash on shutdown in passthrough mode (bsc#1076110).\n - bcache: fix for gc and write-back race (bsc#1076110).\n - bcache: fix for gc and writeback race (bsc#1047626).\n - bcache: fix for gc crashing when no sectors are used (bsc#1047626).\n - bcache: fix lockdep warnings on shutdown (bsc#1047626).\n - bcache: fix race of writeback thread starting before complete\n initialization (bsc#1076110).\n - bcache: fix sequential large write IO bypass (bsc#1076110).\n - bcache: fix sparse non static symbol warning (bsc#1076110).\n - bcache: fix typo in bch_bkey_equal_header (bsc#1076110).\n - bcache: fix uninterruptible sleep in writeback thread (bsc#1076110).\n - bcache: fix use-after-free in btree_gc_coalesce() (bsc#1076110).\n - bcache: fix wrong cache_misses statistics (bsc#1076110).\n - bcache: gc does not work when triggering by manual command (bsc#1076110).\n - bcache: implement PI controller for writeback 
rate (bsc#1076110).\n - bcache: increase the number of open buckets (bsc#1076110).\n - bcache: initialize dirty stripes in flash_dev_run() (bsc#1076110).\n - bcache: kill closure locking code (bsc#1076110).\n - bcache: kill closure locking usage (bnc#951638).\n - bcache: kill index() (bsc#1047626).\n - bcache: kthread do not set writeback task to INTERUPTIBLE (bsc#1076110).\n - bcache: only permit to recovery read error when cache device is clean\n (bsc#1076110).\n - bcache: partition support: add 16 minors per bcacheN device\n (bsc#1076110).\n - bcache: pr_err: more meaningful error message when nr_stripes is invalid\n (bsc#1076110).\n - bcache: prevent crash on changing writeback_running (bsc#1076110).\n - bcache: rearrange writeback main thread ratelimit (bsc#1076110).\n - bcache: recover data from backing when data is clean (bsc#1076110).\n - bcache: register_bcache(): call blkdev_put() when cache_alloc() fails\n (bsc#1047626).\n - bcache: remove nested function usage (bsc#1076110).\n - bcache: remove unused parameter (bsc#1076110).\n - bcache: rewrite multiple partitions support (bsc#1076110).\n - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110).\n - bcache: silence static checker warning (bsc#1076110).\n - bcache: smooth writeback rate control (bsc#1076110).\n - bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).\n - bcache: try to set b->parent properly (bsc#1076110).\n - bcache: update bch_bkey_try_merge (bsc#1076110).\n - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints\n (bsc#1076110).\n - bcache: update bucket_in_use in real time (bsc#1076110).\n - bcache: update document info (bsc#1076110).\n - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110).\n - bcache: use kvfree() in various places (bsc#1076110).\n - bcache: use llist_for_each_entry_safe() in __closure_wake_up()\n (bsc#1076110).\n - bcache: wait for buckets when allocating new btree root (bsc#1076110).\n - bcache: 
writeback rate clamping: make 32 bit safe (bsc#1076110).\n - bcache: writeback rate shouldn't artifically clamp (bsc#1076110).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - gcov: disable for COMPILE_TEST (bnc#1012382).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076154).\n - kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).\n - md: more open-coded offset_in_page() (bsc#1076110).\n - nfsd: do not share group_info among threads (bsc@1070623).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).\n - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).\n - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).\n - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n", "cvss3": {}, "published": "2018-02-13T21:08:32", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2017-17741", "CVE-2015-1142857", "CVE-2017-17805", "CVE-2017-5715", "CVE-2017-17806"], "modified": "2018-02-13T21:08:32", "id": "SUSE-SU-2018:0437-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00022.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-03-29T16:46:58", "description": "The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: 
Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure of information to an attacker with local user access via a\n side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2015-1142857: On multiple SR-IOV cards it is possible for VF's\n assigned to guests to send ethernet flow control pause frames via the\n PF. This includes Linux kernel ixgbe driver, i40e/i40evf driver and the\n DPDK, additionally multiple vendor NIC firmware is affected\n (bnc#1077355).\n - CVE-2017-13215: An elevation of privilege vulnerability in the Upstream\n kernel skcipher. (bnc#1075908).\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed\n attackers to obtain potentially sensitive information from kernel\n memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption) or\n possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact because the\n port->exists value can change after it is validated (bnc#1077922).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n exists in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a 
heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n\n The following non-security bugs were fixed:\n\n - Add proper NX hadnling for !NX-capable systems also to\n kaiser_add_user_map(). (bsc#1076278).\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1045538).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).\n - alsa: aloop: Release cable upon open error path (bsc#1045538).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1045538).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).\n - btrfs: cleanup unnecessary assignment when cleaning up all the residual\n transaction (FATE#325056).\n - btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n - btrfs: do not wait for all the writers circularly during the transaction\n commit (FATE#325056).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1080363).\n - btrfs: fix two use-after-free bugs with transaction cleanup\n (FATE#325056).\n - btrfs: make the state of the transaction more readable (FATE#325056).\n - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).\n - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value\n (bsc#1080685).\n - btrfs: reset intwrite on transaction abort (FATE#325056).\n - btrfs: set qgroup_ulist to be null after calling ulist_free()\n (bsc#1080359).\n - btrfs: stop waiting on current trans if we aborted (FATE#325056).\n - cdc-acm: 
apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dm flakey: add corrupt_bio_byte feature (bsc#1080372).\n - dm flakey: add drop_writes (bsc#1080372).\n - dm flakey: error READ bios during the down_interval (bsc#1080372).\n - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).\n - dm flakey: fix reads to be issued if drop_writes configured\n (bsc#1080372).\n - dm flakey: introduce "error_writes" feature (bsc#1080372).\n - dm flakey: support feature args (bsc#1080372).\n - dm flakey: use dm_target_offset and support discards (bsc#1080372).\n - ext2: free memory allocated and forget buffer head when io error happens\n (bnc#1069508).\n - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - ext3: add necessary check in case IO error happens (bnc#1069508).\n - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - kabi/severities ignore Cell-specific symbols\n - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz\n - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call\n cannot make assumption of accessible stack after CR3 switch, and\n therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the\n pagetable hierarchy.\n - kaiser: Fix trampoline stack loading issue on XEN PV\n - kaiser: handle non-accessible stack in sysretl_from_sys_call properly\n (bsc#bsc#1080579)\n - kaiser: make sure not to touch stack after CR3 switch in compat syscall\n return\n - kaiser: really do switch away from trampoline stack to kernel stack in\n ia32_syscall entry (bsc#1080579)\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - keys: trusted: fix writing past end of buffer in trusted_read()\n (bsc#1074880).\n - media: 
omap_vout: Fix a possible null pointer dereference in\n omap_vout_open() (bsc#1050431).\n - mISDN: fix a loop count (bsc#1077191).\n - mm: pin address_space before dereferencing it while isolating an LRU\n page (bnc#1081500).\n - nfsd: do not share group_info among threads (bsc@1070623).\n - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert\n thread (bsc#1076437).\n - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can\n not be granted at once (bsc#1076437).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075088).\n - powerpc: Fix register clobbering when accumulating stolen time\n (bsc#1059174).\n - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).\n - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,\n git-fixes).\n - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).\n - 
powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Kill all prefetch streams on context switch\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1075088).\n - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075088).\n - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1075088).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).\n - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).\n - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1075088).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,\n bsc#1075088).\n - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,\n LTC#163741).\n - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - scsi: virtio_scsi: let host do exception handling\n (bsc#936530,bsc#1060682).\n 
- storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075410).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - Update config files: enable CPU vulnerabilities reporting via sysfs\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bsc#1075994\n bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n - x86/kaiser: Populate shadow PGD with NX bit only if supported by\n platform (bsc#1076154 bsc#1076278).\n - x86/kaiser: use trampoline stack for kernel entry.\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bsc#1054305).\n - x86/microcode: Rescan feature flags upon late loading (bsc#1075994\n bsc#1075091).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly\n (bsc#1075994 bsc#1075091).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n\n", "cvss3": {}, "published": "2018-03-29T15:07:44", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2015-1142857", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "modified": "2018-03-29T15:07:44", 
"id": "SUSE-SU-2018:0841-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00070.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-02-27T23:20:52", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-5715: Systems with microprocessors utilizing speculative\n execution and indirect branch prediction may allow unauthorized\n disclosure\n of information to an attacker with local user access via a side-channel\n analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building\n the Linux Kernel with return trampolines aka "retpolines".\n\n - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function\n did not validate a value that is used during DMA page allocation,\n leading to a heap-based out-of-bounds write (related to the\n rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in\n net/rds/rdma.c mishandled cases where page pinning fails or an invalid\n address is supplied, leading to an rds_atomic_free_op NULL pointer\n dereference (bnc#1075617).\n - CVE-2017-18017: The tcpmss_mangle_packet function in\n net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers\n to cause a denial of service (use-after-free and memory corruption)\n or possibly have unspecified other impact by leveraging the presence of\n xt_TCPMSS in an iptables action (bnc#1074488).\n - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed\n attackers to cause a denial of service (NULL pointer dereference and\n system crash) or possibly have unspecified other impact because the\n port->exists value can change after it is validated (bnc#1077922).\n - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's\n assigned 
to guests to send ethernet flow control pause frames via the\n PF. (bnc#1077355).\n - CVE-2017-17741: The KVM implementation in the Linux kernel allowed\n attackers to obtain potentially sensitive information from kernel\n memory, aka a write_mmio stack-based out-of-bounds read, related to\n arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n - CVE-2017-13215: An elevation of privilege vulnerability in the Upstream\n kernel skcipher. (bnc#1075908).\n - CVE-2018-1000004: In the Linux kernel a race condition vulnerability\n existed in the sound system, this can lead to a deadlock and denial of\n service condition (bnc#1076017).\n\n The following non-security bugs were fixed:\n\n - alsa: aloop: Fix inconsistent format due to incomplete rule\n (bsc#1045538).\n - alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).\n - alsa: aloop: Release cable upon open error path (bsc#1045538).\n - alsa: pcm: Abort properly at pending signal in OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Add missing error checks in OSS emulation plugin builder\n (bsc#1045538).\n - alsa: pcm: Allow aborting mutex lock at OSS read/write loops\n (bsc#1045538).\n - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).\n - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).\n - btrfs: cleanup unnecessary assignment when cleaning up all the residual\n transaction (FATE#325056).\n - btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n - btrfs: do not wait for all the writers circularly during the transaction\n commit (FATE#325056).\n - btrfs: do not WARN() in btrfs_transaction_abort() for IO errors\n (bsc#1080363).\n - btrfs: fix two use-after-free bugs with transaction cleanup\n (FATE#325056).\n - btrfs: make the state of the transaction more readable (FATE#325056).\n - btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).\n - btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value\n (bsc#1080685).\n - btrfs: reset intwrite on 
transaction abort (FATE#325056).\n - btrfs: set qgroup_ulist to be null after calling ulist_free()\n (bsc#1080359).\n - btrfs: stop waiting on current trans if we aborted (FATE#325056).\n - cdc-acm: apply quirk for card reader (bsc#1060279).\n - cdrom: factor out common open_for_* code (bsc#1048585).\n - cdrom: wait for tray to close (bsc#1048585).\n - delay: add poll_event_interruptible (bsc#1048585).\n - dm flakey: add corrupt_bio_byte feature (bsc#1080372).\n - dm flakey: add drop_writes (bsc#1080372).\n - dm flakey: error READ bios during the down_interval (bsc#1080372).\n - dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).\n - dm flakey: fix reads to be issued if drop_writes configured\n (bsc#1080372).\n - dm flakey: introduce "error_writes" feature (bsc#1080372).\n - dm flakey: support feature args (bsc#1080372).\n - dm flakey: use dm_target_offset and support discards (bsc#1080372).\n - ext2: free memory allocated and forget buffer head when io error happens\n (bnc#1069508).\n - ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - ext3: add necessary check in case IO error happens (bnc#1069508).\n - ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n - fork: clear thread stack upon allocation (bsc#1077560).\n - kaiser: Add proper NX handling for !NX-capable systems also to\n kaiser_add_user_map(). 
(bsc#1076278).\n - kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz\n - kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call\n cannot make assumption of accessible stack after CR3 switch, and\n therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the\n pagetable hierarchy.\n - kaiser: Fix trampoline stack loading issue on XEN PV\n - kaiser: handle non-accessible stack in sysretl_from_sys_call properly\n (bsc#bsc#1080579)\n - kaiser: make sure not to touch stack after CR3 switch in compat syscall\n return\n - kaiser: really do switch away from trampoline stack to kernel stack in\n ia32_syscall entry (bsc#1080579)\n - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621\n bsc#1068032).\n - keys: trusted: fix writing past end of buffer in trusted_read()\n (bsc#1074880).\n - media: omap_vout: Fix a possible null pointer dereference in\n omap_vout_open() (bsc#1050431).\n - mISDN: fix a loop count (bsc#1077191).\n - nfsd: do not share group_info among threads (bsc@1070623).\n - ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert\n thread (bsc#1076437).\n - ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can\n not be granted at once (bsc#1076437).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - powerpc/64: Add macros for annotating the destination of rfid/hrfid\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add EX_SIZE definition for paca exception save areas\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,\n bsc#1075088).\n - powerpc/64s: Convert slb_miss_common to use 
RFI_TO_USER/KERNEL\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).\n - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti\n (bsc#1068032, bsc#1075088).\n - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032,\n bsc#1075088).\n - powerpc: Fix register clobbering when accumulating stolen time\n (bsc#1059174).\n - powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).\n - powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).\n - powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619,\n git-fixes).\n - powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).\n - powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: Kill all prefetch streams on context switch\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,\n bsc#1075088).\n - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1068032, bsc#1075088).\n - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration\n (bsc#1075088).\n - powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).\n - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,\n bsc#1075088).\n - powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).\n - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).\n - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n (bsc#1068032, bsc#1075088).\n - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code\n 
(bsc#1075088).\n - powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).\n - rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).\n - rfi-flush: Move RFI flush fields out of the paca (unbreak kABI)\n (bsc#1075088).\n - rfi-flush: Switch to new linear fallback flush (bsc#1068032,bsc#1075088).\n - s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n - s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,\n LTC#163741).\n - scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).\n - scsi: sr: wait for the medium to become ready (bsc#1048585).\n - scsi: virtio_scsi: let host do exception handling\n (bsc#936530,bsc#1060682).\n - storvsc: do not assume SG list is continuous when doing bounce buffers\n (bsc#1075410).\n - sysfs/cpu: Add vulnerability folder (bnc#1012382).\n - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n - x86/acpi: Handle SCI interrupts above legacy space gracefully\n (bsc#1068984).\n - x86/acpi: Reduce code duplication in mp_override_legacy_irq()\n (bsc#1068984).\n - x86, asm: Extend definitions of _ASM_* with a raw format (bsc#1068032\n CVE-2017-5754).\n - x86/boot: Fix early command-line parsing when matching at end\n (bsc#1068032).\n - x86/cpu: Factor out application of forced CPU caps (bsc#1075994\n bsc#1075091).\n - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n - x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n - x86/kaiser: Populate shadow PGD with NX bit only if supported by\n platform (bsc#1076154 bsc#1076278).\n - x86/kaiser: use trampoline stack for kernel entry.\n - x86/microcode/intel: Extend BDW late-loading further with LLC size check\n (bsc#1054305).\n - x86/microcode/intel: Extend BDW late-loading with a revision check\n (bsc#1054305).\n - x86/microcode: Rescan feature flags 
upon late loading (bsc#1075994\n bsc#1075091).\n - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active\n (bsc#1068032).\n - x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly\n (bsc#1075994 bsc#1075091).\n - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994\n bsc#1075091).\n - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n - x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL\n (bsc#1068032 CVE-2017-5715).\n - mm: pin address_space before dereferencing it while isolating an LRU\n page (bnc#1081500).\n\n", "cvss3": {}, "published": "2018-02-27T21:07:43", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-18079", "CVE-2017-5754", "CVE-2017-13215", "CVE-2018-1000004", "CVE-2018-5333", "CVE-2017-17741", "CVE-2015-1142857", "CVE-2017-5715", "CVE-2018-5332", "CVE-2017-18017"], "modified": "2018-02-27T21:07:43", "id": "SUSE-SU-2018:0555-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-02/msg00047.html", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2022-01-04T11:57:43", "description": "USN-3655-1 fixed vulnerabilities and added mitigations in the Linux \nkernel for Ubuntu 14.04 LTS. This update provides the corresponding \nupdates for the Linux Hardware Enablement (HWE) kernel from Ubuntu \n14.04 LTS for Ubuntu 12.04 ESM.\n\nJann Horn and Ken Johnson discovered that microprocessors utilizing \nspeculative execution of a memory read may allow unauthorized memory \nreads via a sidechannel attack. This flaw is known as Spectre \nVariant 4. A local attacker could use this to expose sensitive \ninformation, including kernel memory. (CVE-2018-3639)\n\nJan H. Sch\u00f6nherr discovered that the Xen subsystem did not properly handle \nblock IO merges correctly in some situations. 
An attacker in a guest vm \ncould use this to cause a denial of service (host crash) or possibly gain \nadministrative privileges in the host. (CVE-2017-12134)\n\nIt was discovered that the Bluetooth HIP Protocol implementation in the \nLinux kernel did not properly validate HID connection setup information. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-13220)\n\nIt was discovered that a buffer overread vulnerability existed in the \nkeyring subsystem of the Linux kernel. A local attacker could possibly use \nthis to expose sensitive information (kernel memory). (CVE-2017-13305)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not \nproperly restrict observations of netlink messages to the appropriate net \nnamespace. A local attacker could use this to expose sensitive information \n(kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that a race condition existed in the i8042 serial device \ndriver implementation in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-18079)\n\nIt was discovered that a race condition existed in the Device Mapper \ncomponent of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). (CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) \nimplementation in the Linux kernel in certain circumstances. A local \nattacker could use this to cause a denial of service (system hang). \n(CVE-2017-18208)\n\nKefeng Wang discovered that a race condition existed in the memory locking \nimplementation in the Linux kernel. 
A local attacker could use this to \ncause a denial of service. (CVE-2017-18221)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS \nimplementation in the Linux kernel. A remote attacker controlling a \nmalicious NCPFS server could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-8822)\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-05-22T00:00:00", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18079", "CVE-2017-18204", "CVE-2017-17449", "CVE-2017-18221", "CVE-2018-8822", "CVE-2017-18203", "CVE-2017-18208", "CVE-2018-3639", "CVE-2017-13220", "CVE-2017-12134", "CVE-2017-13305"], "modified": "2018-05-22T00:00:00", "id": "USN-3655-2", "href": "https://ubuntu.com/security/notices/USN-3655-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:57:43", "description": "Jann Horn and Ken Johnson discovered that microprocessors utilizing \nspeculative execution of a memory read may allow unauthorized memory \nreads via a sidechannel attack. 
This flaw is known as Spectre \nVariant 4. A local attacker could use this to expose sensitive \ninformation, including kernel memory. (CVE-2018-3639)\n\nJan H. Sch\u00f6nherr discovered that the Xen subsystem did not properly handle \nblock IO merges correctly in some situations. An attacker in a guest vm \ncould use this to cause a denial of service (host crash) or possibly gain \nadministrative privileges in the host. (CVE-2017-12134)\n\nIt was discovered that the Bluetooth HIP Protocol implementation in the \nLinux kernel did not properly validate HID connection setup information. An \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-13220)\n\nIt was discovered that a buffer overread vulnerability existed in the \nkeyring subsystem of the Linux kernel. A local attacker could possibly use \nthis to expose sensitive information (kernel memory). (CVE-2017-13305)\n\nIt was discovered that the netlink subsystem in the Linux kernel did not \nproperly restrict observations of netlink messages to the appropriate net \nnamespace. A local attacker could use this to expose sensitive information \n(kernel netlink traffic). (CVE-2017-17449)\n\nIt was discovered that a race condition existed in the i8042 serial device \ndriver implementation in the Linux kernel. A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-18079)\n\nIt was discovered that a race condition existed in the Device Mapper \ncomponent of the Linux kernel. A local attacker could use this to cause a \ndenial of service (system crash). (CVE-2017-18203)\n\nIt was discovered that a race condition existed in the OCFS2 file system \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (kernel deadlock). 
(CVE-2017-18204)\n\nIt was discovered that an infinite loop could occur in the madvise(2) \nimplementation in the Linux kernel in certain circumstances. A local \nattacker could use this to cause a denial of service (system hang). \n(CVE-2017-18208)\n\nKefeng Wang discovered that a race condition existed in the memory locking \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service. (CVE-2017-18221)\n\nSilvio Cesare discovered a buffer overwrite existed in the NCPFS \nimplementation in the Linux kernel. A remote attacker controlling a \nmalicious NCPFS server could use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-8822)\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 6.0}, "published": "2018-05-22T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18079", "CVE-2017-18204", "CVE-2017-17449", "CVE-2017-18221", "CVE-2018-8822", "CVE-2017-18203", "CVE-2017-18208", "CVE-2018-3639", "CVE-2017-13220", "CVE-2017-12134", "CVE-2017-13305"], "modified": "2018-05-22T00:00:00", "id": 
"USN-3655-1", "href": "https://ubuntu.com/security/notices/USN-3655-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}