In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.
{"ubuntucve": [{"lastseen": "2021-11-22T21:32:32", "description": "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf\ncfs_rq's, which allows attackers to cause a denial of service (infinite\nloop in update_blocked_averages) or possibly have unspecified other impact\nby inducing a high load.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-02-22T00:00:00", "type": "ubuntucve", "title": "CVE-2018-20784", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784"], "modified": "2019-02-22T00:00:00", "id": "UB:CVE-2018-20784", "href": "https://ubuntu.com/security/CVE-2018-20784", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "f5": [{"lastseen": "2020-04-06T22:40:53", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability, and no F5 products were found to be vulnerable.\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of AskF5 Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-03-12T18:53:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2018-20784", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784"], "modified": "2019-03-12T18:53:00", "id": "F5:K65260085", "href": "https://support.f5.com/csp/article/K65260085", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T15:59:01", "description": "In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-02-22T15:29:00", "type": "cve", "title": "CVE-2018-20784", "cwe": ["CWE-835"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784"], "modified": "2021-06-02T15:28:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:linux:linux_kernel:5.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux_for_real_time:8"], "id": "CVE-2018-20784", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20784", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_for_real_time:8:*:*:*:*:*:*:*", "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.0:rc1:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2022-06-08T08:14:35", "description": "The CFS Linux kernel scheduler mishandles handling of leaf cfs_rq's in the kernel/sched/fair.c code, which allows a local unprivileged attacker to cause a denial of service (DoS) by entering an infinite loop in update_blocked_averages() function by inducing a high load on a system. Due to the nature of the flaw, a remote network attack (by initiating a magnitude of remote requests) cannot be fully ruled out.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-12-24T09:52:09", "type": "redhatcve", "title": "CVE-2018-20784", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784"], "modified": "2022-06-08T05:23:01", "id": "RH:CVE-2018-20784", "href": "https://access.redhat.com/security/cve/cve-2018-20784", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntu": [{"lastseen": "2022-01-04T11:32:50", "description": "Zhipeng Xie discovered that an infinite loop could be triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17075", "CVE-2019-17133", "CVE-2018-20784"], "modified": "2019-12-03T00:00:00", "id": "USN-4211-1", "href": "https://ubuntu.com/security/notices/USN-4211-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:32:44", "description": "USN-4211-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 ESM.\n\nZhipeng Xie discovered that an infinite loop could be triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel \ndid not properly validate SSID lengths. A physically proximate attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux \nkernel performed DMA from a kernel stack. A local attacker could use this \nto cause a denial of service (system crash). (CVE-2019-17075)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-12-03T00:00:00", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17075", "CVE-2019-17133", "CVE-2018-20784"], "modified": "2019-12-03T00:00:00", "id": "USN-4211-2", "href": "https://ubuntu.com/security/notices/USN-4211-2", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-04T11:37:43", "description": "USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu \n18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, \na regression was introduced that caused a kernel crash when handling \nfragmented packets in some situations. This update addresses the issue.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver \nin the Linux kernel did not properly validate metadata received from the \ndevice. A physically proximate attacker could use this to cause a denial of \nservice (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did \nnot properly validate certain Tunneled Direct Link Setup (TDLS). A \nphysically proximate attacker could use this to cause a denial of service \n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux \nkernel did not properly check for missing tty operations. A local attacker \ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not \nsufficiently randomize IP ID values generated for connectionless networking \nprotocols. A remote attacker could use this to track particular Linux \ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel \naddresses could be exposed by the implementation of connection-less network \nprotocols in the Linux kernel. A remote attacker could possibly use this to \nassist in the exploitation of another vulnerability in the Linux kernel. \n(CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when \nreference counting pages, leading to potential use-after-free issues. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when \nperforming core dumps. A local attacker could use this to cause a denial of \nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did \nnot properly bounds check the initial HID report sent by the device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate \nsent signals in some situations on PowerPC systems with transactional \nmemory disabled. A local attacker could use this to cause a denial of \nservice. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not \nproperly validate meta data, leading to a buffer overread. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not \nproperly validate ioctl() calls, leading to a division-by-zero. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 \nDRD Controller device driver in the Linux kernel. A physically proximate \nattacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI \niSCSI Initiator Driver in the Linux kernel. A local attacker could possibly \nuse this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the \nLinux kernel did not properly allocate memory, leading to a use-after-free. \nA physically proximate attacker could use this to cause a denial of service \nor possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device \ndriver for the Linux kernel. A physically proximate attacker could use this \nto cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound \nArchitecture (ALSA) subsystem of the Linux kernel, leading to a potential \nuse-after-free. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux \ndevice driver for the Linux kernel, leading to a use-after-free. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 \ndevice driver in the Linux kernel. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the \nAppleTalk implementation in the Linux kernel if an error occurs during \ninitialization. A local attacker could use this to cause a denial of \nservice (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the \nvirtio net driver in the Linux kernel. A local attacker in a guest VM could \npossibly use this to cause a denial of service in the host system. \n(CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered \nthat the Bluetooth protocol BR/EDR specification did not properly require \nsufficiently strong encryption key lengths. A physically proximate attacker \ncould use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device \ndriver in the Linux kernel. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the \nLinux kernel made improper assumptions about the device characteristics. A \nphysically proximate attacker could use this cause a denial of service \n(system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel \ndid not properly validate data size information from the device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some \nsituations did not properly restrict the field size when processing \noutgoing frames. A local attacker with CAP_NET_ADMIN privileges could use \nthis to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's \nHID subsystem did not properly validate passed parameters in some \nsituations. A local privileged attacker could use this to cause a denial of \nservice (infinite loop). (CVE-2019-3819)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-11T00:00:00", "type": "ubuntu", "title": "Linux kernel regression", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3900", "CVE-2019-10207", "CVE-2019-15090", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-3819", "CVE-2019-0136", "CVE-2019-10639", "CVE-2019-11810", "CVE-2019-15218", "CVE-2019-15292", "CVE-2019-15211", "CVE-2019-15215", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-10638", "CVE-2019-13648", "CVE-2019-14283", "CVE-2018-19985", "CVE-2018-20784", "CVE-2019-3701", "CVE-2019-15214", "CVE-2019-13631", "CVE-2019-15212", "CVE-2019-15216", "CVE-2019-9506"], "modified": "2019-09-11T00:00:00", "id": "USN-4115-2", "href": "https://ubuntu.com/security/notices/USN-4115-2", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-01-04T11:38:17", "description": "Hui Peng and Mathias Payer discovered that the Option USB High Speed driver \nin the Linux kernel did not properly validate metadata received from the \ndevice. A physically proximate attacker could use this to cause a denial of \nservice (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could be triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did \nnot properly validate certain Tunneled Direct Link Setup (TDLS). A \nphysically proximate attacker could use this to cause a denial of service \n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux \nkernel did not properly check for missing tty operations. A local attacker \ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not \nsufficiently randomize IP ID values generated for connectionless networking \nprotocols. A remote attacker could use this to track particular Linux \ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel \naddresses could be exposed by the implementation of connection-less network \nprotocols in the Linux kernel. A remote attacker could possibly use this to \nassist in the exploitation of another vulnerability in the Linux kernel. \n(CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when \nreference counting pages, leading to potential use-after-free issues. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when \nperforming core dumps. A local attacker could use this to cause a denial of \nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did \nnot properly bounds check the initial HID report sent by the device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate \nsent signals in some situations on PowerPC systems with transactional \nmemory disabled. A local attacker could use this to cause a denial of \nservice. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not \nproperly validate meta data, leading to a buffer overread. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not \nproperly validate ioctl() calls, leading to a division-by-zero. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 \nDRD Controller device driver in the Linux kernel. A physically proximate \nattacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI \niSCSI Initiator Driver in the Linux kernel. A local attacker could possibly \nuse this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the \nLinux kernel did not properly allocate memory, leading to a use-after-free. \nA physically proximate attacker could use this to cause a denial of service \nor possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device \ndriver for the Linux kernel. A physically proximate attacker could use this \nto cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound \nArchitecture (ALSA) subsystem of the Linux kernel, leading to a potential \nuse-after-free. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux \ndevice driver for the Linux kernel, leading to a use-after-free. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 \ndevice driver in the Linux kernel. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the \nAppleTalk implementation in the Linux kernel if an error occurs during \ninitialization. A local attacker could use this to cause a denial of \nservice (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the \nvirtio net driver in the Linux kernel. A local attacker in a guest VM could \npossibly use this to cause a denial of service in the host system. \n(CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered \nthat the Bluetooth protocol BR/EDR specification did not properly require \nsufficiently strong encryption key lengths. A physically proximate attacker \ncould use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device \ndriver in the Linux kernel. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the \nLinux kernel made improper assumptions about the device characteristics. A \nphysically proximate attacker could use this cause a denial of service \n(system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel \ndid not properly validate data size information from the device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some \nsituations did not properly restrict the field size when processing \noutgoing frames. A local attacker with CAP_NET_ADMIN privileges could use \nthis to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's \nHID subsystem did not properly validate passed parameters in some \nsituations. A local privileged attacker could use this to cause a denial of \nservice (infinite loop). (CVE-2019-3819)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-02T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-3900", "CVE-2019-10207", "CVE-2019-15090", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-3819", "CVE-2019-0136", "CVE-2019-10639", "CVE-2019-11810", "CVE-2019-15218", "CVE-2019-15292", "CVE-2019-15211", "CVE-2019-15215", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-10638", "CVE-2019-13648", "CVE-2019-14283", "CVE-2018-19985", "CVE-2018-20784", "CVE-2019-3701", "CVE-2019-15214", "CVE-2019-13631", "CVE-2019-15212", "CVE-2019-15216", "CVE-2019-9506"], "modified": "2019-09-02T00:00:00", "id": "USN-4115-1", "href": "https://ubuntu.com/security/notices/USN-4115-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-26T02:19:58", "description": "It was discovered that the alarmtimer implementation in the Linux kernel \ncontained an integer overflow vulnerability. A local attacker could use \nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux \nkernel did not properly track inode validations. An attacker could use this \nto construct a malicious XFS image that, when mounted, could cause a denial \nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the Linux \nkernel did not properly validate metadata. An attacker could use this to \nconstruct a malicious f2fs image that, when mounted, could cause a denial \nof service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, \nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, \nCVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system implementation \nin the Linux kernel did not properly validate metadata. An attacker could \nuse this to construct a malicious btrfs image that, when mounted, could \ncause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610, \nCVE-2018-14611, CVE-2018-14612, CVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux \nkernel did not properly handle malformed catalog data in some situations. \nAn attacker could use this to construct a malicious HFS+ image that, when \nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem \nof the Linux kernel did not properly initialize new files in some \nsituations. A local attacker could use this to expose sensitive \ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver \nin the Linux kernel did not properly validate metadata received from the \ndevice. A physically proximate attacker could use this to cause a denial of \nservice (system crash). (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux \nkernel did not properly handle size checks when handling an extra USB \ndescriptor. A physically proximate attacker could use this to cause a \ndenial of service (system crash). (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could be triggered in the CFS \nLinux kernel process scheduler. A local attacker could possibly use this to \ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block layer \nsubsystem of the Linux kernel when certain failure conditions occurred. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or possibly execute arbitrary code. (CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in \nthe Linux kernel did not properly validate elliptic curve parameters during \nDiffie-Hellman key exchange in some situations. An attacker could use this \nto expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did \nnot properly validate certain Tunneled Direct Link Setup (TDLS). A \nphysically proximate attacker could use this to cause a denial of service \n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that a heap buffer overflow existed in the Marvell \nWireless LAN device driver for the Linux kernel. An attacker could use this \nto cause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux \nkernel did not properly check for missing tty operations. A local attacker \ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not \nsufficiently randomize IP ID values generated for connectionless networking \nprotocols. A remote attacker could use this to track particular Linux \ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel \naddresses could be exposed by the implementation of connection-less network \nprotocols in the Linux kernel. A remote attacker could possibly use this to \nassist in the exploitation of another vulnerability in the Linux kernel. \n(CVE-2019-10639)\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in \nthe Linux kernel did not properly restrict mmap() ranges in some \nsituations. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-11085)\n\nIt was discovered that an integer overflow existed in the Linux kernel when \nreference counting pages, leading to potential use-after-free issues. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when \nperforming core dumps. A local attacker could use this to cause a denial of \nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in \nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that a race condition leading to a use-after-free existed \nin the Reliable Datagram Sockets (RDS) protocol implementation in the Linux \nkernel. The RDS protocol is disabled via blocklist by default in Ubuntu. \nIf enabled, a local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux \nkernel did not properly zero out memory in some situations. A local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) \nimplementation in the Linux kernel did not properly verify strings were \nNULL terminated in certain situations. A local attacker could use this to \nexpose sensitive information (kernel memory). (CVE-2019-11884)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in \nthe Near-field communication (NFC) implementation in the Linux kernel. An \nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel \nimproperly dropped a device reference in an error condition, leading to a \nuse-after-free. An attacker could use this to cause a denial of service \n(system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in \nthe Near-field communication (NFC) implementation in the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash). \n(CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel \nwhen accessing LDT entries in some situations. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did \nnot properly record credentials in some situations. A local attacker could \nuse this to cause a denial of service (system crash) or possibly gain \nadministrative privileges. (CVE-2019-13272)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did \nnot properly bounds check the initial HID report sent by the device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nIt was discovered that the floppy driver in the Linux kernel did not \nproperly validate meta data, leading to a buffer overread. A local attacker \ncould use this to cause a denial of service (system crash). \n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not \nproperly validate ioctl() calls, leading to a division-by-zero. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 \nDRD Controller device driver in the Linux kernel. A physically proximate \nattacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI \niSCSI Initiator Driver in the Linux kernel. A local attacker could possibly \nuse this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the \nLinux kernel did not properly allocate memory, leading to a use-after-free. \nA physically proximate attacker could use this to cause a denial of service \nor possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device \ndriver for the Linux kernel. A physically proximate attacker could use this \nto cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound \nArchitecture (ALSA) subsystem of the Linux kernel, leading to a potential \nuse-after-free. A physically proximate attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux \ndevice driver for the Linux kernel, leading to a use-after-free. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 \ndevice driver in the Linux kernel. A physically proximate attacker could \nuse this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the \nAppleTalk implementation in the Linux kernel if an error occurs during \ninitialization. A local attacker could use this to cause a denial of \nservice (system crash). (CVE-2019-15292)\n\nIt was discovered that the Empia EM28xx DVB USB device driver \nimplementation in the Linux kernel contained a use-after-free vulnerability \nwhen disconnecting the device. An attacker could use this to cause a denial \nof service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the \nLinux kernel did not properly validate control bits, resulting in an out of \nbounds buffer read. A local attacker could use this to possibly expose \nsensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux \nkernel did not properly validate the BSS descriptor. A local attacker could \npossibly use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the \nvirtio net driver in the Linux kernel. A local attacker in a guest VM could \npossibly use this to cause a denial of service in the host system. \n(CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered \nthat the Bluetooth protocol BR/EDR specification did not properly require \nsufficiently strong encryption key lengths. A physically proximate attacker \ncould use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux \nkernel did not properly prevent kernel addresses from being copied to user \nspace. A local attacker with the CAP_NET_ADMIN capability could use this to \nexpose sensitive information. (CVE-2018-20511)\n\nIt was discovered that a race condition existed in the USB YUREX device \ndriver in the Linux kernel. A physically proximate attacker could use this \nto cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the \nLinux kernel made improper assumptions about the device characteristics. A \nphysically proximate attacker could use this cause a denial of service \n(system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel \ndid not properly validate data size information from the device. A \nphysically proximate attacker could use this to cause a denial of service \n(system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some \nsituations did not properly restrict the field size when processing \noutgoing frames. A local attacker with CAP_NET_ADMIN privileges could use \nthis to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's \nHID subsystem did not properly validate passed parameters in some \nsituations. A local privileged attacker could use this to cause a denial of \nservice (infinite loop). (CVE-2019-3819)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-02T00:00:00", "type": "ubuntu", "title": "Linux kernel (AWS) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19985", "CVE-2018-14610", "CVE-2019-14763", "CVE-2018-13053", "CVE-2019-15216", "CVE-2019-10639", "CVE-2018-14612", "CVE-2019-12984", "CVE-2019-15220", "CVE-2019-15215", "CVE-2019-11884", "CVE-2019-15214", "CVE-2018-13099", "CVE-2019-15090", "CVE-2019-15292", "CVE-2019-11487", "CVE-2019-10638", "CVE-2019-13272", "CVE-2019-3701", "CVE-2018-20169", "CVE-2018-14616", "CVE-2019-10207", "CVE-2019-11833", "CVE-2018-20511", "CVE-2019-12819", "CVE-2019-15221", "CVE-2019-15212", "CVE-2018-20784", "CVE-2018-5383", "CVE-2019-11085", "CVE-2019-13233", "CVE-2019-3900", "CVE-2019-11599", "CVE-2019-12818", "CVE-2018-13096", "CVE-2019-10126", "CVE-2019-2101", "CVE-2019-11810", "CVE-2018-13093", "CVE-2018-13097", "CVE-2019-3819", "CVE-2019-14284", "CVE-2019-2024", "CVE-2019-3846", "CVE-2018-13098", "CVE-2018-14609", "CVE-2018-20856", "CVE-2019-15211", "CVE-2018-14614", "CVE-2019-13631", "CVE-2018-14611", "CVE-2018-13100", "CVE-2019-14283", "CVE-2019-11815", "CVE-2019-15218", "CVE-2018-14617", "CVE-2019-9506", "CVE-2018-14615", "CVE-2019-0136", "CVE-2018-16862", "CVE-2018-14613"], "modified": "2019-09-02T00:00:00", "id": "USN-4118-1", "href": "https://ubuntu.com/security/notices/USN-4118-1", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-03-24T21:42:59", "description": "Zhipeng Xie discovered that an infinite loop could be triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel did not properly validate SSID lengths. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux kernel performed DMA from a kernel stack. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2019-12-09T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "cpe:/o:canonical:ubuntu_linux:16.04"], "id": "UBUNTU_USN-4211-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131565", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4211-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131565);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/09\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-17075\", \"CVE-2019-17133\");\n script_xref(name:\"USN\", value:\"4211-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon (USN-4211-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Zhipeng Xie discovered that an infinite loop could be triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux\nkernel did not properly validate SSID lengths. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the\nLinux kernel performed DMA from a kernel stack. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-17075).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4211-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-snapdragon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-17075\", \"CVE-2019-17133\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4211-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1063-kvm\", pkgver:\"4.4.0-1063.70\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1099-aws\", pkgver:\"4.4.0-1099.110\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1126-raspi2\", pkgver:\"4.4.0-1126.135\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-1130-snapdragon\", pkgver:\"4.4.0-1130.138\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-generic\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-generic-lpae\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.4.0-170-lowlatency\", pkgver:\"4.4.0-170.199\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws\", pkgver:\"4.4.0.1099.103\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.4.0.1063.63\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.4.0.170.178\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.4.0.1126.126\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-snapdragon\", pkgver:\"4.4.0.1130.122\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.4.0.170.178\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.4-aws / linux-image-4.4-generic / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-16T15:07:32", "description": "An update for kernel-rt is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL8.0.z batch#2 source tree (BZ#1717516)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2019:1971)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2019-1971.NASL", "href": "https://www.tenable.com/plugins/nessus/127641", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1971. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127641);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/01\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n script_xref(name:\"RHSA\", value:\"2019:1971\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2019:1971)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kernel-rt is now available for Red Hat Enterprise Linux\n8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel-rt packages provide the Real Time Linux Kernel, which\nenables fine-tuning for systems with extremely high determinism\nrequirements.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap)\n(BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in\nkernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* kernel-rt: update to the RHEL8.0.z batch#2 source tree (BZ#1717516)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11811\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1971\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1971\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-core-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-core-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-devel-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-kvm-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debug-modules-extra-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-common-x86_64-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-kvm-debuginfo-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-rt-modules-extra-4.18.0-80.7.1.rt9.153.el8_0\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-16T15:04:43", "description": "An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/ megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [DELL 8.0 z-stream BUG] - 'CPU unsupported' message with CFL-H/S 8+2 due to updated Stepping (BZ#1711048)\n\n* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device hot-plug/ un-plug operations. (kvm) (BZ#1714746)\n\n* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a Power9 System (BZ#1714751)\n\n* VRSAVE register not properly saved and restored (BZ#1714753)\n\n* Fix potential spectre gadget in arch/s390/kvm/interrupt.c (BZ#1714754)\n\n* RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation (required for POWER9 DD2.3) (BZ#1715018)\n\n* iommu/amd: Set exclusion range correctly (BZ#1715336)\n\n* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (BZ#1715337)\n\n* cross compile builds are broken (BZ#1715339)\n\n* Patch generated by 'make rh-test-patch' doesn't get applied during build (BZ#1715340)\n\n* hard lockup panic in during execution of CFS bandwidth period timer (BZ# 1715345)\n\n* perf annotate -P does not give full paths (BZ#1716887)\n\n* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330 PERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)\n\n* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and drivers/gpu/drm/ drm_ioctl.c (BZ#1717382)\n\n* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)\n\n* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)\n\n* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu:\nINFO: rcu_sched self-detected stall on CPU (BZ#1717801)\n\n* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation after a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)\n\n* dm cache metadata: Fix loading discard bitset (BZ#1717868)\n\n* jit'd java code on power9 ppc64le experiences stack corruption (BZ#1717869)\n\n* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error (BZ# 1717870)\n\n* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d (BZ# 1718237)\n\n* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time causing auto-mount to fail (BZ#1719635)\n\n* AMD Rome: WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460 (BZ#1721233)\n\n* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460 (broken BIOS?) (BZ#1722365)\n\n* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)\n\n* [DELL 8.0 BUG] - 'CPU unsupported' message with WHL-U due to updated Stepping (BZ#1722372)\n\nEnhancement(s) :\n\n* RHEL 8 - AMD Rome Support (BZ#1721972)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-12T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2019:1959)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-02-01T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo", "cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:enterprise_linux:8.0"], "id": "REDHAT-RHSA-2019-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/127637", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2019:1959. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(127637);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/01\");\n\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n script_xref(name:\"RHSA\", value:\"2019:1959\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2019:1959)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* kernel: insufficient input validation in kernel mode driver in Intel\ni915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap)\n(BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in\nkernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/\nmegaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c,\nipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, acknowledgments, and other related information, refer to\nthe CVE page(s) listed in the References section.\n\nBug Fix(es) :\n\n* [DELL 8.0 z-stream BUG] - 'CPU unsupported' message with CFL-H/S 8+2\ndue to updated Stepping (BZ#1711048)\n\n* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device\nhot-plug/ un-plug operations. (kvm) (BZ#1714746)\n\n* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a\nPower9 System (BZ#1714751)\n\n* VRSAVE register not properly saved and restored (BZ#1714753)\n\n* Fix potential spectre gadget in arch/s390/kvm/interrupt.c\n(BZ#1714754)\n\n* RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation\n(required for POWER9 DD2.3) (BZ#1715018)\n\n* iommu/amd: Set exclusion range correctly (BZ#1715336)\n\n* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during\nhierarchical load calculation (BZ#1715337)\n\n* cross compile builds are broken (BZ#1715339)\n\n* Patch generated by 'make rh-test-patch' doesn't get applied during\nbuild (BZ#1715340)\n\n* hard lockup panic in during execution of CFS bandwidth period timer\n(BZ# 1715345)\n\n* perf annotate -P does not give full paths (BZ#1716887)\n\n* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330\nPERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)\n\n* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and\ndrivers/gpu/drm/ drm_ioctl.c (BZ#1717382)\n\n* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)\n\n* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)\n\n* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu:\nINFO: rcu_sched self-detected stall on CPU (BZ#1717801)\n\n* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation\nafter a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)\n\n* dm cache metadata: Fix loading discard bitset (BZ#1717868)\n\n* jit'd java code on power9 ppc64le experiences stack corruption\n(BZ#1717869)\n\n* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error\n(BZ# 1717870)\n\n* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d\n(BZ# 1718237)\n\n* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time\ncausing auto-mount to fail (BZ#1719635)\n\n* AMD Rome: WARNING: CPU: 1 PID: 0 at\narch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460\n(BZ#1721233)\n\n* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460\n(broken BIOS?) (BZ#1722365)\n\n* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)\n\n* [DELL 8.0 BUG] - 'CPU unsupported' message with WHL-U due to updated\nStepping (BZ#1722372)\n\nEnhancement(s) :\n\n* RHEL 8 - AMD Rome Support (BZ#1721972)\n\nUsers of kernel are advised to upgrade to these updated packages,\nwhich fix these bugs and add this enhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2019:1959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-20784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11085\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2019-11811\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 8.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-20784\", \"CVE-2019-11085\", \"CVE-2019-11810\", \"CVE-2019-11811\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2019:1959\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2019:1959\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"bpftool-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"bpftool-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"bpftool-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-abi-whitelists-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-cross-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-cross-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debug-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debug-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debug-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-debuginfo-common-aarch64-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", reference:\"kernel-doc-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-headers-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-tools-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"kernel-tools-libs-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"kernel-tools-libs-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"x86_64\", reference:\"kernel-tools-libs-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-core-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-devel-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"kernel-zfcpdump-modules-extra-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", sp:\"0\", cpu:\"aarch64\", reference:\"python3-perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"s390x\", reference:\"python3-perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n if (rpm_check(release:\"RHEL8\", cpu:\"x86_64\", reference:\"python3-perf-debuginfo-4.18.0-80.7.1.el8_0\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / kernel-abi-whitelists / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-06T12:54:08", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1959 advisory.\n\n - kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-29T00:00:00", "type": "nessus", "title": "CentOS 8 : kernel (CESA-2019:1959)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-03-23T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-core", "p-cpe:/a:centos:centos:kernel-cross-headers", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-core", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-debug-modules", "p-cpe:/a:centos:centos:kernel-debug-modules-extra", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-modules", "p-cpe:/a:centos:centos:kernel-modules-extra", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python3-perf"], "id": "CENTOS8_RHSA-2019-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/145675", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2019:1959. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145675);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/23\");\n\n script_cve_id(\n \"CVE-2018-20784\",\n \"CVE-2019-11085\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_bugtraq_id(\n 107138,\n 108286,\n 108410,\n 108488\n );\n script_xref(name:\"RHSA\", value:\"2019:1959\");\n\n script_name(english:\"CentOS 8 : kernel (CESA-2019:1959)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2019:1959 advisory.\n\n - kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service\n (CVE-2018-20784)\n\n - kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege\n escalation (CVE-2019-11085)\n\n - kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS\n (CVE-2019-11810)\n\n - kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c\n (CVE-2019-11811)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2019:1959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2018-20784', 'CVE-2019-11085', 'CVE-2019-11810', 'CVE-2019-11811');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for CESA-2019:1959');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'bpftool-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-16T15:05:17", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-1959 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c, drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. (CVE-2018-20784)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-20T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2019-1959)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2019-1959.NASL", "href": "https://www.tenable.com/plugins/nessus/127976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2019-1959.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(127976);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2018-20784\",\n \"CVE-2019-11085\",\n \"CVE-2019-11810\",\n \"CVE-2019-11811\"\n );\n script_xref(name:\"RHSA\", value:\"2019:1959\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2019-1959)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2019-1959 advisory.\n\n - An issue was discovered in the Linux kernel before 5.0.7. A NULL pointer dereference can occur when\n megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c.\n This causes a Denial of Service, related to a use-after-free. (CVE-2019-11810)\n\n - Insufficient input validation in Kernel Mode Driver in Intel(R) i915 Graphics for Linux before version 5.0\n may allow an authenticated user to potentially enable escalation of privilege via local access.\n (CVE-2019-11085)\n\n - An issue was discovered in the Linux kernel before 5.0.4. There is a use-after-free upon attempted read\n access to /proc/ioports after the ipmi_si module is removed, related to drivers/char/ipmi/ipmi_si_intf.c,\n drivers/char/ipmi/ipmi_si_mem_io.c, and drivers/char/ipmi/ipmi_si_port_io.c. (CVE-2019-11811)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to\n cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other\n impact by inducing a high load. (CVE-2018-20784)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2019-1959.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-80.7.1.el8_0'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2019-1959');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-whitelists-4.18.0-80.7.1.el8_0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-80.7.1.el8_0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-07T00:43:20", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.(CVE-2015-4036i1/4%0\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.(CVE-2016-4485i1/4%0\n\n - The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269i1/4%0\n\n - The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.(CVE-2016-3136i1/4%0\n\n - An out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.(CVE-2014-7826i1/4%0\n\n - Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881i1/4%0\n\n - The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.(CVE-2017-18261i1/4%0\n\n - The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.(CVE-2014-2309i1/4%0\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load.(CVE-2018-20784i1/4%0\n\n - An issue was discovered in the F2FS filesystem code in fs/f2fs/inline.c in the Linux kernel. A denial of service due to the out-of-bounds memory access can occur for a modified f2fs filesystem image.(CVE-2018-13099i1/4%0\n\n - An out-of-bounds write vulnerability was found in the Linux kernel's vmw_surface_define_ioctl() function, in the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-7294i1/4%0\n\n - A flaw was found in the way the Linux kernel's KVM subsystem handled non-canonical addresses when emulating instructions that change the RIP (for example, branches or calls). A guest user with access to an I/O or MMIO region could use this flaw to crash the guest.(CVE-2014-3647i1/4%0\n\n - The __munlock_pagevec function in mm/mlock.c in the Linux kernel, before 4.11.4, allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.(CVE-2017-18221i1/4%0\n\n - ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2018-1120i1/4%0\n\n - The proc_connectinfo() function in 'drivers/usb/core/devio.c' in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted USBDEVFS_CONNECTINFO ioctl call. The stack object 'ci' has a total size of 8 bytes. Its last 3 bytes are padding bytes which are not initialized and are leaked to userland.(CVE-2016-4482i1/4%0\n\n - A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set.(CVE-2016-8646i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in the Linux kernel. An invalid NULL pointer dereference in btrfs_root_node() when mounting a crafted btrfs image is due to a lack of chunk block group mapping validation in btrfs_read_block_groups() in the fs/btrfs/extent-tree.c function and a lack of empty-tree checks in check_leaf() in fs/btrfs/tree-checker.c function. This could lead to a system crash and a denial of service.(CVE-2018-14612i1/4%0\n\n - It was found that the Linux kernel's TCP/IP protocol suite implementation for IPv6 allowed the Hop Limit value to be set to a smaller value than the default one. An attacker on a local network could use this flaw to prevent systems on that network from sending or receiving network packets.(CVE-2015-2922i1/4%0\n\n - A NULL-pointer dereference flaw was found in the kernel, which is caused by a race between revoking a user-type key and reading from it. The issue could be triggered by an unprivileged user with a local account, causing the kernel to crash (denial of service).(CVE-2015-7550i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-7269", "CVE-2014-2309", "CVE-2014-3647", "CVE-2014-7826", "CVE-2015-2922", "CVE-2015-4036", "CVE-2015-7550", "CVE-2016-3136", "CVE-2016-4482", "CVE-2016-4485", "CVE-2016-8630", "CVE-2016-8646", "CVE-2017-18221", "CVE-2017-18261", "CVE-2017-7294", "CVE-2018-10881", "CVE-2018-1120", "CVE-2018-13099", "CVE-2018-14612", "CVE-2018-20784"], "modified": "2021-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1520.NASL", "href": "https://www.tenable.com/plugins/nessus/124973", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124973);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/08\");\n\n script_cve_id(\n \"CVE-2013-7269\",\n \"CVE-2014-2309\",\n \"CVE-2014-3647\",\n \"CVE-2014-7826\",\n \"CVE-2015-2922\",\n \"CVE-2015-4036\",\n \"CVE-2015-7550\",\n \"CVE-2016-3136\",\n \"CVE-2016-4482\",\n \"CVE-2016-4485\",\n \"CVE-2016-8630\",\n \"CVE-2016-8646\",\n \"CVE-2017-18221\",\n \"CVE-2017-18261\",\n \"CVE-2017-7294\",\n \"CVE-2018-10881\",\n \"CVE-2018-1120\",\n \"CVE-2018-13099\",\n \"CVE-2018-14612\",\n \"CVE-2018-20784\"\n );\n script_bugtraq_id(\n 64742,\n 66095,\n 70748,\n 70971,\n 74315,\n 74664\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1520)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - Array index error in the tcm_vhost_make_tpg function in\n drivers/vhost/scsi.c in the Linux kernel before 4.0\n might allow guest OS users to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl\n call. NOTE: the affected function was renamed to\n vhost_scsi_make_tpg before the vulnerability was\n announced.(CVE-2015-4036i1/4%0\n\n - The llc_cmsg_rcv function in net/llc/af_llc.c in the\n Linux kernel before 4.5.5 does not initialize a certain\n data structure, which allows attackers to obtain\n sensitive information from kernel stack memory by\n reading a message.(CVE-2016-4485i1/4%0\n\n - The nr_recvmsg function in net/netrom/af_netrom.c in\n the Linux kernel before 3.12.4 updates a certain length\n value without ensuring that an associated data\n structure has been initialized, which allows local\n users to obtain sensitive information from kernel\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg\n system call.(CVE-2013-7269i1/4%0\n\n - The mct_u232_msr_to_state function in\n drivers/usb/serial/mct_u232.c in the Linux kernel\n before 4.5.1 allows physically proximate attackers to\n cause a denial of service (NULL pointer dereference and\n system crash) via a crafted USB device without two\n interrupt-in endpoint descriptors.(CVE-2016-3136i1/4%0\n\n - An out-of-bounds memory access flaw, CVE-2014-7825, was\n found in the syscall tracing functionality of the Linux\n kernel's perf subsystem. A local, unprivileged user\n could use this flaw to crash the system. Additionally,\n an out-of-bounds memory access flaw, CVE-2014-7826, was\n found in the syscall tracing functionality of the Linux\n kernel's ftrace subsystem. On a system with ftrace\n syscall tracing enabled, a local, unprivileged user\n could use this flaw to crash the system, or escalate\n their privileges.(CVE-2014-7826i1/4%0\n\n - Linux kernel built with the Kernel-based Virtual\n Machine (CONFIG_KVM) support is vulnerable to a null\n pointer dereference flaw. It could occur on x86\n platform, when emulating an undefined instruction. An\n attacker could use this flaw to crash the host kernel\n resulting in DoS.(CVE-2016-8630i1/4%0\n\n - A flaw was found in the Linux kernel's ext4 filesystem.\n A local user can cause an out-of-bound access in\n ext4_get_group_info function, a denial of service, and\n a system crash by mounting and operating on a crafted\n ext4 filesystem image.(CVE-2018-10881i1/4%0\n\n - The arch_timer_reg_read_stable macro in\n arch/arm64/include/asm/arch_timer.h in the Linux kernel\n before 4.13 allows local users to cause a denial of\n service (infinite recursion) by writing to a file under\n /sys/kernel/debug in certain circumstances, as\n demonstrated by a scenario involving debugfs, ftrace,\n PREEMPT_TRACER, and\n FUNCTION_GRAPH_TRACER.(CVE-2017-18261i1/4%0\n\n - The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 does not properly count the\n addition of routes, which allows remote attackers to\n cause a denial of service (memory consumption) via a\n flood of ICMPv6 Router Advertisement\n packets.(CVE-2014-2309i1/4%0\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c\n mishandles leaf cfs_rq's, which allows attackers to\n cause a denial of service (infinite loop in\n update_blocked_averages) or possibly have unspecified\n other impact by inducing a high load.(CVE-2018-20784i1/4%0\n\n - An issue was discovered in the F2FS filesystem code in\n fs/f2fs/inline.c in the Linux kernel. A denial of\n service due to the out-of-bounds memory access can\n occur for a modified f2fs filesystem\n image.(CVE-2018-13099i1/4%0\n\n - An out-of-bounds write vulnerability was found in the\n Linux kernel's vmw_surface_define_ioctl() function, in\n the 'drivers/gpu/drm/vmwgfx/vmwgfx_surface.c' file. Due\n to the nature of the flaw, privilege escalation cannot\n be fully ruled out, although we believe it is\n unlikely.(CVE-2017-7294i1/4%0\n\n - A flaw was found in the way the Linux kernel's KVM\n subsystem handled non-canonical addresses when\n emulating instructions that change the RIP (for\n example, branches or calls). A guest user with access\n to an I/O or MMIO region could use this flaw to crash\n the guest.(CVE-2014-3647i1/4%0\n\n - The __munlock_pagevec function in mm/mlock.c in the\n Linux kernel, before 4.11.4, allows local users to\n cause a denial of service (NR_MLOCK accounting\n corruption) via crafted use of mlockall and munlockall\n system calls.(CVE-2017-18221i1/4%0\n\n - ** RESERVED ** This candidate has been reserved by an\n organization or individual that will use it when\n announcing a new security problem. When the candidate\n has been publicized, the details for this candidate\n will be provided.(CVE-2018-1120i1/4%0\n\n - The proc_connectinfo() function in\n 'drivers/usb/core/devio.c' in the Linux kernel through\n 4.6 does not initialize a certain data structure, which\n allows local users to obtain sensitive information from\n kernel stack memory via a crafted USBDEVFS_CONNECTINFO\n ioctl call. The stack object 'ci' has a total size of 8\n bytes. Its last 3 bytes are padding bytes which are not\n initialized and are leaked to\n userland.(CVE-2016-4482i1/4%0\n\n - A vulnerability was found in the Linux kernel. An\n unprivileged local user could trigger oops in\n shash_async_export() by attempting to force the\n in-kernel hashing algorithms into decrypting an empty\n data set.(CVE-2016-8646i1/4%0\n\n - An issue was discovered in the btrfs filesystem code in\n the Linux kernel. An invalid NULL pointer dereference\n in btrfs_root_node() when mounting a crafted btrfs\n image is due to a lack of chunk block group mapping\n validation in btrfs_read_block_groups() in the\n fs/btrfs/extent-tree.c function and a lack of\n empty-tree checks in check_leaf() in\n fs/btrfs/tree-checker.c function. This could lead to a\n system crash and a denial of service.(CVE-2018-14612i1/4%0\n\n - It was found that the Linux kernel's TCP/IP protocol\n suite implementation for IPv6 allowed the Hop Limit\n value to be set to a smaller value than the default\n one. An attacker on a local network could use this flaw\n to prevent systems on that network from sending or\n receiving network packets.(CVE-2015-2922i1/4%0\n\n - A NULL-pointer dereference flaw was found in the\n kernel, which is caused by a race between revoking a\n user-type key and reading from it. The issue could be\n triggered by an unprivileged user with a local account,\n causing the kernel to crash (denial of\n service).(CVE-2015-7550i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1520\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f904a7a8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.28-1.2.117\",\n \"kernel-devel-4.19.28-1.2.117\",\n \"kernel-headers-4.19.28-1.2.117\",\n \"kernel-tools-4.19.28-1.2.117\",\n \"kernel-tools-libs-4.19.28-1.2.117\",\n \"kernel-tools-libs-devel-4.19.28-1.2.117\",\n \"perf-4.19.28-1.2.117\",\n \"python-perf-4.19.28-1.2.117\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-04-04T14:21:16", "description": "Hui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19985", "CVE-2018-20784", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2019-09-24T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4115-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128475", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4115-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128475);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2019/09/24 11:01:33\");\n\n script_cve_id(\"CVE-2018-19985\", \"CVE-2018-20784\", \"CVE-2019-0136\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n script_xref(name:\"USN\", value:\"4115-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : linux, linux-azure, linux-gcp, linux-gke-4.15, linux-hwe, linux-kvm, (USN-4115-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Hui Peng and Mathias Payer discovered that the Option USB High Speed\ndriver in the Linux kernel did not properly validate metadata received\nfrom the device. A physically proximate attacker could use this to\ncause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel wifi device driver in the Linux\nkernel did not properly validate certain Tunneled Direct Link Setup\n(TDLS). A physically proximate attacker could use this to cause a\ndenial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local\nattacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could exposed by the implementation of connection-less\nnetwork protocols in the Linux kernel. A remote attacker could\npossibly use this to assist in the exploitation of another\nvulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the LSI Logic MegaRAID driver in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux\nkernel did not properly bounds check the initial HID report sent by\nthe device. A physically proximate attacker could use to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare\nUSB3 DRD Controller device driver in the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic\nQEDI iSCSI Initiator Driver in the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information (kernel\nmemory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in\nthe Linux kernel did not properly allocate memory, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500\ndevice driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux\nSound Architecture (ALSA) subsystem of the Linux kernel, leading to a\npotential use-after-free. A physically proximate attacker could use\nthis to cause a denial of service (system crash) pro possibly execute\narbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2\nvideo4linux device driver for the Linux kernel, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB\nPrism54 device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppletalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen\ndiscovered that the Bluetooth protocol BR/EDR specification did not\nproperly require sufficiently strong encryption key lengths. A\nphysicall proximate attacker could use this to expose sensitive\ninformation. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX\ndevice driver in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in\nthe Linux kernel made improper assumptions about the device\ncharacteristics. A physically proximate attacker could use this cause\na denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux\nkernel did not properly validate data size information from the\ndevice. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in\nsome situations did not properly restrict the field size when\nprocessing outgoing frames. A local attacker with CAP_NET_ADMIN\nprivileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux\nkernel's HID subsystem did not properly validate passed parameters in\nsome situations. A local privileged attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4115-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-19985\", \"CVE-2018-20784\", \"CVE-2019-0136\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4115-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1022-oracle\", pkgver:\"4.15.0-1022.25~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1041-gcp\", pkgver:\"4.15.0-1041.43\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1056-azure\", pkgver:\"4.15.0-1056.61\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-60-generic\", pkgver:\"4.15.0-60.67~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-60-generic-lpae\", pkgver:\"4.15.0-60.67~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-60-lowlatency\", pkgver:\"4.15.0-60.67~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1056.59\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1041.55\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.60.81\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.60.81\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1041.55\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.60.81\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.60.81\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1022.16\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.60.81\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1022-oracle\", pkgver:\"4.15.0-1022.25\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1041-gke\", pkgver:\"4.15.0-1041.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1043-kvm\", pkgver:\"4.15.0-1043.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1044-raspi2\", pkgver:\"4.15.0-1044.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-60-generic\", pkgver:\"4.15.0-60.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-60-generic-lpae\", pkgver:\"4.15.0-60.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-60-lowlatency\", pkgver:\"4.15.0-60.67\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.60.62\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.60.62\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1041.44\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1041.44\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1043.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.60.62\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1022.25\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1044.42\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.60.62\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-azure / linux-image-4.15-gcp / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-04T14:20:11", "description": "USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue.\n\nWe apologize for the inconvenience.\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19985", "CVE-2018-20784", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "p-cpe:/a:canonical:ubuntu_linux:linux-image-azure", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke", "p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle", "p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual", "p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4115-2.NASL", "href": "https://www.tenable.com/plugins/nessus/128680", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4115-2. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128680);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2018-19985\", \"CVE-2018-20784\", \"CVE-2019-0136\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n script_xref(name:\"USN\", value:\"4115-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : Linux kernel regression (USN-4115-2)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu\n18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update,\na regression was introduced that caused a kernel crash when handling\nfragmented packets in some situations. This update addresses the\nissue.\n\nWe apologize for the inconvenience.\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed\ndriver in the Linux kernel did not properly validate metadata received\nfrom the device. A physically proximate attacker could use this to\ncause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux\nkernel did not properly validate certain Tunneled Direct Link Setup\n(TDLS). A physically proximate attacker could use this to cause a\ndenial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local\nattacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could be exposed by the implementation of connection-less\nnetwork protocols in the Linux kernel. A remote attacker could\npossibly use this to assist in the exploitation of another\nvulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the LSI Logic MegaRAID driver in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux\nkernel did not properly bounds check the initial HID report sent by\nthe device. A physically proximate attacker could use this to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly\nvalidate sent signals in some situations on PowerPC systems with\ntransactional memory disabled. A local attacker could use this to\ncause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare\nUSB3 DRD Controller device driver in the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic\nQEDI iSCSI Initiator Driver in the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information (kernel\nmemory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in\nthe Linux kernel did not properly allocate memory, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500\ndevice driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux\nSound Architecture (ALSA) subsystem of the Linux kernel, leading to a\npotential use-after-free. A physically proximate attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2\nvideo4linux device driver for the Linux kernel, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB\nPrism54 device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppleTalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen\ndiscovered that the Bluetooth protocol BR/EDR specification did not\nproperly require sufficiently strong encryption key lengths. A\nphysically proximate attacker could use this to expose sensitive\ninformation. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX\ndevice driver in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in\nthe Linux kernel made improper assumptions about the device\ncharacteristics. A physically proximate attacker could use this cause\na denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux\nkernel did not properly validate data size information from the\ndevice. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in\nsome situations did not properly restrict the field size when\nprocessing outgoing frames. A local attacker with CAP_NET_ADMIN\nprivileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux\nkernel's HID subsystem did not properly validate passed parameters in\nsome situations. A local privileged attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4115-2/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gcp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-gke-4.15\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oracle\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-raspi2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-virtual-hwe-16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-19985\", \"CVE-2018-20784\", \"CVE-2019-0136\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4115-2\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1023-oracle\", pkgver:\"4.15.0-1023.26~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1042-gcp\", pkgver:\"4.15.0-1042.44\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1048-aws\", pkgver:\"4.15.0-1048.50~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1057-azure\", pkgver:\"4.15.0-1057.62\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-62-generic\", pkgver:\"4.15.0-62.69~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-62-generic-lpae\", pkgver:\"4.15.0-62.69~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-62-lowlatency\", pkgver:\"4.15.0-62.69~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1048.48\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-azure\", pkgver:\"4.15.0.1057.60\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gcp\", pkgver:\"4.15.0.1042.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-hwe-16.04\", pkgver:\"4.15.0.62.82\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-generic-lpae-hwe-16.04\", pkgver:\"4.15.0.62.82\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1042.56\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-lowlatency-hwe-16.04\", pkgver:\"4.15.0.62.82\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oem\", pkgver:\"4.15.0.62.82\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1023.17\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-virtual-hwe-16.04\", pkgver:\"4.15.0.62.82\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1023-oracle\", pkgver:\"4.15.0-1023.26\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1042-gke\", pkgver:\"4.15.0-1042.44\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1044-kvm\", pkgver:\"4.15.0-1044.44\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1045-raspi2\", pkgver:\"4.15.0-1045.49\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1048-aws\", pkgver:\"4.15.0-1048.50\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-62-generic\", pkgver:\"4.15.0-62.69\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-62-generic-lpae\", pkgver:\"4.15.0-62.69\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-62-lowlatency\", pkgver:\"4.15.0-62.69\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1048.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic\", pkgver:\"4.15.0.62.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-generic-lpae\", pkgver:\"4.15.0.62.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke\", pkgver:\"4.15.0.1042.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-gke-4.15\", pkgver:\"4.15.0.1042.45\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-kvm\", pkgver:\"4.15.0.1044.44\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-lowlatency\", pkgver:\"4.15.0.62.64\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-oracle\", pkgver:\"4.15.0.1023.26\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-raspi2\", pkgver:\"4.15.0.1045.43\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-virtual\", pkgver:\"4.15.0.62.64\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-4.15-azure / etc\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T04:50:40", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2082-1 advisory.\n\n - The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. (CVE-2017-13695)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. (CVE-2018-20784)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. (CVE-2022-1419)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854) (CVE-2022-1729)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) (CVE-2022-21123)\n\n - Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)\n\n - Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) (CVE-2022-21127)\n\n - Intel: CVE-2022-21166 Device Register Partial Write (DRPW) (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2082-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13695", "CVE-2018-20784", "CVE-2018-7755", "CVE-2019-19377", "CVE-2020-10769", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-28688", "CVE-2021-33061", "CVE-2021-38208", "CVE-2022-0854", "CVE-2022-1011", "CVE-2022-1184", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-1652", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-21180", "CVE-2022-21499", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-30594"], "modified": "2022-06-16T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-man:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-kgraft:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:cluster-md-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:dlm-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:gfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:ocfs2-kmp-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_4_180-94_164-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2082-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162245", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2082-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162245);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/16\");\n\n script_cve_id(\n \"CVE-2017-13695\",\n \"CVE-2018-7755\",\n \"CVE-2018-20784\",\n \"CVE-2019-19377\",\n \"CVE-2020-10769\",\n \"CVE-2021-20292\",\n \"CVE-2021-20321\",\n \"CVE-2021-28688\",\n \"CVE-2021-33061\",\n \"CVE-2021-38208\",\n \"CVE-2022-1011\",\n \"CVE-2022-1184\",\n \"CVE-2022-1353\",\n \"CVE-2022-1419\",\n \"CVE-2022-1516\",\n \"CVE-2022-1652\",\n \"CVE-2022-1729\",\n \"CVE-2022-1734\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-21180\",\n \"CVE-2022-21499\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\",\n \"CVE-2022-30594\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2082-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2082-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2082-1 advisory.\n\n - The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does\n not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive\n information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a\n crafted ACPI table. (CVE-2017-13695)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to\n cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other\n impact by inducing a high load. (CVE-2018-20784)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel\n through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM\n ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the\n location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue\n results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker with a local account with a root privilege, can leverage this vulnerability to\n escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an\n authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial\n of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure\n of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount\n of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will\n access the freed drm_vgem_gem_object. (CVE-2022-1419)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854) (CVE-2022-1729)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use\n after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) (CVE-2022-21123)\n\n - Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)\n\n - Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) (CVE-2022-21127)\n\n - Intel: CVE-2022-21166 Device Register Partial Write (DRPW) (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers\n to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1051510\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1055710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1084513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1126703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198997\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199314\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199785\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011287.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?145ea4c2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21127\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30594\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_164-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},\n {'reference':'dlm-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},\n {'reference':'gfs2-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},\n {'reference':'ocfs2-kmp-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE-HPC-release-12.3', 'sle-ha-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-default-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-default-kgraft-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.164.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3', 'sles-release-12.3']},\n {'reference':'kgraft-patch-4_4_180-94_164-default-1-4.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'kernel-default-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.164.3', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-default-kgraft-4.4.180-94.164.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-default-man-4.4.180-94.164.3', 'sp':'3', 'cpu':'s390x', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.164.2', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'kgraft-patch-4_4_180-94_164-default-1-4.3.2', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-18T04:49:31", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2077-1 advisory.\n\n - The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. (CVE-2017-13695)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. (CVE-2018-20784)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4 bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat, leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of service. (CVE-2020-10769)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use uninitialized or stale values. This initialization went too far and may under certain conditions also overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died, leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. (CVE-2022-1419)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854) (CVE-2022-1729)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) (CVE-2022-21123)\n\n - Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)\n\n - Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) (CVE-2022-21127)\n\n - Intel: CVE-2022-21166 Device Register Partial Write (DRPW) (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-06-15T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2077-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-13695", "CVE-2018-20784", "CVE-2018-7755", "CVE-2019-19377", "CVE-2020-10769", "CVE-2021-20292", "CVE-2021-20321", "CVE-2021-28688", "CVE-2021-33061", "CVE-2021-38208", "CVE-2022-0854", "CVE-2022-1011", "CVE-2022-1184", "CVE-2022-1353", "CVE-2022-1419", "CVE-2022-1516", "CVE-2022-1652", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166", "CVE-2022-21180", "CVE-2022-21499", "CVE-2022-28388", "CVE-2022-28390", "CVE-2022-30594"], "modified": "2022-06-17T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2077-1.NASL", "href": "https://www.tenable.com/plugins/nessus/162232", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2077-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162232);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/17\");\n\n script_cve_id(\n \"CVE-2017-13695\",\n \"CVE-2018-7755\",\n \"CVE-2018-20784\",\n \"CVE-2019-19377\",\n \"CVE-2020-10769\",\n \"CVE-2021-20292\",\n \"CVE-2021-20321\",\n \"CVE-2021-28688\",\n \"CVE-2021-33061\",\n \"CVE-2021-38208\",\n \"CVE-2022-1011\",\n \"CVE-2022-1184\",\n \"CVE-2022-1353\",\n \"CVE-2022-1419\",\n \"CVE-2022-1516\",\n \"CVE-2022-1652\",\n \"CVE-2022-1729\",\n \"CVE-2022-1734\",\n \"CVE-2022-1974\",\n \"CVE-2022-1975\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21127\",\n \"CVE-2022-21166\",\n \"CVE-2022-21180\",\n \"CVE-2022-21499\",\n \"CVE-2022-28388\",\n \"CVE-2022-28390\",\n \"CVE-2022-30594\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2077-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2077-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2077-1 advisory.\n\n - The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does\n not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive\n information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a\n crafted ACPI table. (CVE-2017-13695)\n\n - In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to\n cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other\n impact by inducing a high load. (CVE-2018-20784)\n\n - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel\n through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM\n ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the\n location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)\n\n - In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. (CVE-2019-19377)\n\n - A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in\n crypto/authenc.c in the IPsec Cryptographic algorithm's module, authenc. When a payload longer than 4\n bytes, and is not following 4-byte alignment boundary guidelines, it causes a buffer over-read threat,\n leading to a system crash. This flaw allows a local attacker with user privileges to cause a denial of\n service. (CVE-2020-10769)\n\n - There is a flaw reported in the Linux kernel in versions before 5.9 in\n drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue\n results from the lack of validating the existence of an object prior to performing operations on the\n object. An attacker with a local account with a root privilege, can leverage this vulnerability to\n escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)\n\n - A race condition accessing file object in the Linux kernel OverlayFS subsystem was found in the way users\n do rename in specific way with OverlayFS. A local user could use this flaw to crash the system.\n (CVE-2021-20321)\n\n - The fix for XSA-365 includes initialization of pointers such that subsequent cleanup code wouldn't use\n uninitialized or stale values. This initialization went too far and may under certain conditions also\n overwrite pointers which are in need of cleaning up. The lack of cleanup would result in leaking\n persistent grants. The leak in turn would prevent fully cleaning up after a respective guest has died,\n leaving around zombie domains. All Linux versions having the fix for XSA-365 applied are vulnerable.\n XSA-365 was classified to affect versions back to at least 3.11. (CVE-2021-28688)\n\n - Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an\n authenticated user to potentially enable denial of service via local access. (CVE-2021-33061)\n\n - net/nfc/llcp_sock.c in the Linux kernel before 5.12.10 allows local unprivileged users to cause a denial\n of service (NULL pointer dereference and BUG) by making a getsockname call after a certain type of failure\n of a bind call. (CVE-2021-38208)\n\n - A use-after-free flaw was found in the Linux kernel's FUSE filesystem in the way a user triggers write().\n This flaw allows a local user to gain unauthorized access to data from the FUSE filesystem, resulting in\n privilege escalation. (CVE-2022-1011)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount\n of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will\n access the freed drm_vgem_gem_object. (CVE-2022-1419)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's X.25 set of standardized network protocols\n functionality in the way a user terminates their session using a simulated Ethernet card and continued\n usage of this connection. This flaw allows a local user to crash the system. (CVE-2022-1516)\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854) (CVE-2022-1729)\n\n - A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use\n after free both read or write when non synchronized between cleanup routine and firmware download routine.\n (CVE-2022-1734)\n\n - Intel: CVE-2022-21123 Shared Buffers Data Read (SBDR) (CVE-2022-21123)\n\n - Intel: CVE-2022-21125 Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)\n\n - Intel: CVE-2022-21127 Special Register Buffer Data Sampling Update (SRBDS Update) (CVE-2022-21127)\n\n - Intel: CVE-2022-21166 Device Register Partial Write (DRPW) (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and\n Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H). (CVE-2022-21499)\n\n - usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double\n free. (CVE-2022-28388)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers\n to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag. (CVE-2022-30594)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1055710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1084513\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1087082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1126703\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1158266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1173265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1182171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1183723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197343\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198687\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198742\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199012\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199063\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199426\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199505\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200144\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200249\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-June/011285.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1ed8c6a9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-13695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-7755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19377\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-20321\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33061\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-38208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1974\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21127\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21180\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28388\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-30594\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20784\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.175.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.175.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.175.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.175.2', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.175.2', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.175.2', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.175.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-23T02:15:38", "description": "It was discovered that the alarmtimer implementation in the Linux kernel contained an integer overflow vulnerability. A local attacker could use this to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly track inode validations. An attacker could use this to construct a malicious XFS image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the Linux kernel did not properly validate metadata. An attacker could use this to construct a malicious f2fs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615, CVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system implementation in the Linux kernel did not properly validate metadata.\nAn attacker could use this to construct a malicious btrfs image that, when mounted, could cause a denial of service (system crash).\n(CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612, CVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux kernel did not properly handle malformed catalog data in some situations. An attacker could use this to construct a malicious HFS+ image that, when mounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem of the Linux kernel did not properly initialize new files in some situations. A local attacker could use this to expose sensitive information. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux kernel did not properly handle size checks when handling an extra USB descriptor. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block layer subsystem of the Linux kernel when certain failure conditions occurred. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth implementation in the Linux kernel did not properly validate elliptic curve parameters during Diffie-Hellman key exchange in some situations. An attacker could use this to expose sensitive information. (CVE-2018-5383)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that a heap buffer overflow existed in the Marvell Wireless LAN device driver for the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics driver in the Linux kernel did not properly restrict mmap() ranges in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11085)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that a race condition leading to a use-after-free existed in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel. The RDS protocol is blacklisted by default in Ubuntu. If enabled, a local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the Linux kernel did not properly zero out memory in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol (HIDP) implementation in the Linux kernel did not properly verify strings were NULL terminated in certain situations. A local attacker could use this to expose sensitive information (kernel memory).\n(CVE-2019-11884)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed in the Near-field communication (NFC) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux kernel improperly dropped a device reference in an error condition, leading to a use-after-free. An attacker could use this to cause a denial of service (system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability existed in the Near-field communication (NFC) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux kernel when accessing LDT entries in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux kernel did not properly record credentials in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2019-13272)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nIt was discovered that the Empia EM28xx DVB USB device driver implementation in the Linux kernel contained a use-after-free vulnerability when disconnecting the device. An attacker could use this to cause a denial of service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in the Linux kernel did not properly validate control bits, resulting in an out of bounds buffer read. A local attacker could use this to possibly expose sensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the Linux kernel did not properly validate the BSS descriptor. A local attacker could possibly use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that the Appletalk IP encapsulation driver in the Linux kernel did not properly prevent kernel addresses from being copied to user space. A local attacker with the CAP_NET_ADMIN capability could use this to expose sensitive information.\n(CVE-2018-20511)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel's HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-09-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-13053", "CVE-2018-13093", "CVE-2018-13096", "CVE-2018-13097", "CVE-2018-13098", "CVE-2018-13099", "CVE-2018-13100", "CVE-2018-14609", "CVE-2018-14610", "CVE-2018-14611", "CVE-2018-14612", "CVE-2018-14613", "CVE-2018-14614", "CVE-2018-14615", "CVE-2018-14616", "CVE-2018-14617", "CVE-2018-16862", "CVE-2018-19985", "CVE-2018-20169", "CVE-2018-20511", "CVE-2018-20784", "CVE-2018-20856", "CVE-2018-5383", "CVE-2019-0136", "CVE-2019-10126", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11085", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-11815", "CVE-2019-11833", "CVE-2019-11884", "CVE-2019-12818", "CVE-2019-12819", "CVE-2019-12984", "CVE-2019-13233", "CVE-2019-13272", "CVE-2019-13631", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-2024", "CVE-2019-2101", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2021-12-21T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts"], "id": "UBUNTU_USN-4118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/128478", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4118-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128478);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/21\");\n\n script_cve_id(\"CVE-2018-13053\", \"CVE-2018-13093\", \"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13098\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14609\", \"CVE-2018-14610\", \"CVE-2018-14611\", \"CVE-2018-14612\", \"CVE-2018-14613\", \"CVE-2018-14614\", \"CVE-2018-14615\", \"CVE-2018-14616\", \"CVE-2018-14617\", \"CVE-2018-16862\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20511\", \"CVE-2018-20784\", \"CVE-2018-20856\", \"CVE-2018-5383\", \"CVE-2019-0136\", \"CVE-2019-10126\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11085\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-12818\", \"CVE-2019-12819\", \"CVE-2019-12984\", \"CVE-2019-13233\", \"CVE-2019-13272\", \"CVE-2019-13631\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-2024\", \"CVE-2019-2101\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3846\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n script_xref(name:\"USN\", value:\"4118-1\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/10\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS : linux-aws vulnerabilities (USN-4118-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"It was discovered that the alarmtimer implementation in the Linux\nkernel contained an integer overflow vulnerability. A local attacker\ncould use this to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use\nthis to construct a malicious XFS image that, when mounted, could\ncause a denial of service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the\nLinux kernel did not properly validate metadata. An attacker could use\nthis to construct a malicious f2fs image that, when mounted, could\ncause a denial of service (system crash). (CVE-2018-13096,\nCVE-2018-13097, CVE-2018-13098, CVE-2018-13099, CVE-2018-13100,\nCVE-2018-14614, CVE-2018-14615, CVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system\nimplementation in the Linux kernel did not properly validate metadata.\nAn attacker could use this to construct a malicious btrfs image that,\nwhen mounted, could cause a denial of service (system crash).\n(CVE-2018-14609, CVE-2018-14610, CVE-2018-14611, CVE-2018-14612,\nCVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some\nsituations. An attacker could use this to construct a malicious HFS+\nimage that, when mounted, could cause a denial of service (system\ncrash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache\nsubsystem of the Linux kernel did not properly initialize new files in\nsome situations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed\ndriver in the Linux kernel did not properly validate metadata received\nfrom the device. A physically proximate attacker could use this to\ncause a denial of service (system crash). (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the\nLinux kernel did not properly handle size checks when handling an\nextra USB descriptor. A physically proximate attacker could use this\nto cause a denial of service (system crash). (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could triggered in the\nCFS Linux kernel process scheduler. A local attacker could possibly\nuse this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block\nlayer subsystem of the Linux kernel when certain failure conditions\noccurred. A local attacker could possibly use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2018-20856)\n\nEli Biham and Lior Neumann discovered that the Bluetooth\nimplementation in the Linux kernel did not properly validate elliptic\ncurve parameters during Diffie-Hellman key exchange in some\nsituations. An attacker could use this to expose sensitive\ninformation. (CVE-2018-5383)\n\nIt was discovered that the Intel wifi device driver in the Linux\nkernel did not properly validate certain Tunneled Direct Link Setup\n(TDLS). A physically proximate attacker could use this to cause a\ndenial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that a heap buffer overflow existed in the Marvell\nWireless LAN device driver for the Linux kernel. An attacker could use\nthis to cause a denial of service (system crash) or possibly execute\narbitrary code. (CVE-2019-10126)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local\nattacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless\nnetworking protocols. A remote attacker could use this to track\nparticular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could exposed by the implementation of connection-less\nnetwork protocols in the Linux kernel. A remote attacker could\npossibly use this to assist in the exploitation of another\nvulnerability in the Linux kernel. (CVE-2019-10639)\n\nAdam Zabrocki discovered that the Intel i915 kernel mode graphics\ndriver in the Linux kernel did not properly restrict mmap() ranges in\nsome situations. A local attacker could use this to cause a denial of\nservice (system crash) or possibly execute arbitrary code.\n(CVE-2019-11085)\n\nIt was discovered that an integer overflow existed in the Linux kernel\nwhen reference counting pages, leading to potential use-after-free\nissues. A local attacker could use this to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel\nwhen performing core dumps. A local attacker could use this to cause a\ndenial of service (system crash) or expose sensitive information.\n(CVE-2019-11599)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the LSI Logic MegaRAID driver in the Linux kernel. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-11810)\n\nIt was discovered that a race condition leading to a use-after-free\nexisted in the Reliable Datagram Sockets (RDS) protocol implementation\nin the Linux kernel. The RDS protocol is blacklisted by default in\nUbuntu. If enabled, a local attacker could use this to cause a denial\nof service (system crash) or possibly execute arbitrary code.\n(CVE-2019-11815)\n\nIt was discovered that the ext4 file system implementation in the\nLinux kernel did not properly zero out memory in some situations. A\nlocal attacker could use this to expose sensitive information (kernel\nmemory). (CVE-2019-11833)\n\nIt was discovered that the Bluetooth Human Interface Device Protocol\n(HIDP) implementation in the Linux kernel did not properly verify\nstrings were NULL terminated in certain situations. A local attacker\ncould use this to expose sensitive information (kernel memory).\n(CVE-2019-11884)\n\nIt was discovered that a NULL pointer dereference vulnerabilty existed\nin the Near-field communication (NFC) implementation in the Linux\nkernel. An attacker could use this to cause a denial of service\n(system crash). (CVE-2019-12818)\n\nIt was discovered that the MDIO bus devices subsystem in the Linux\nkernel improperly dropped a device reference in an error condition,\nleading to a use-after-free. An attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-12819)\n\nIt was discovered that a NULL pointer dereference vulnerability\nexisted in the Near-field communication (NFC) implementation in the\nLinux kernel. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-12984)\n\nJann Horn discovered a use-after-free vulnerability in the Linux\nkernel when accessing LDT entries in some situations. A local attacker\ncould use this to cause a denial of service (system crash) or possibly\nexecute arbitrary code. (CVE-2019-13233)\n\nJann Horn discovered that the ptrace implementation in the Linux\nkernel did not properly record credentials in some situations. A local\nattacker could use this to cause a denial of service (system crash) or\npossibly gain administrative privileges. (CVE-2019-13272)\n\nIt was discovered that the GTCO tablet input driver in the Linux\nkernel did not properly bounds check the initial HID report sent by\nthe device. A physically proximate attacker could use to cause a\ndenial of service (system crash) or possibly execute arbitrary code.\n(CVE-2019-13631)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate meta data, leading to a buffer overread. A local\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not\nproperly validate ioctl() calls, leading to a division-by-zero. A\nlocal attacker could use this to cause a denial of service (system\ncrash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare\nUSB3 DRD Controller device driver in the Linux kernel. A physically\nproximate attacker could use this to cause a denial of service.\n(CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic\nQEDI iSCSI Initiator Driver in the Linux kernel. A local attacker\ncould possibly use this to expose sensitive information (kernel\nmemory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in\nthe Linux kernel did not properly allocate memory, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service or possibly execute arbitrary code.\n(CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500\ndevice driver for the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux\nSound Architecture (ALSA) subsystem of the Linux kernel, leading to a\npotential use-after-free. A physically proximate attacker could use\nthis to cause a denial of service (system crash) pro possibly execute\narbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2\nvideo4linux device driver for the Linux kernel, leading to a\nuse-after-free. A physically proximate attacker could use this to\ncause a denial of service (system crash) or possibly execute arbitrary\ncode. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB\nPrism54 device driver in the Linux kernel. A physically proximate\nattacker could use this to cause a denial of service (system crash).\n(CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the\nAppletalk implementation in the Linux kernel if an error occurs during\ninitialization. A local attacker could use this to cause a denial of\nservice (system crash). (CVE-2019-15292)\n\nIt was discovered that the Empia EM28xx DVB USB device driver\nimplementation in the Linux kernel contained a use-after-free\nvulnerability when disconnecting the device. An attacker could use\nthis to cause a denial of service (system crash). (CVE-2019-2024)\n\nIt was discovered that the USB video device class implementation in\nthe Linux kernel did not properly validate control bits, resulting in\nan out of bounds buffer read. A local attacker could use this to\npossibly expose sensitive information (kernel memory). (CVE-2019-2101)\n\nIt was discovered that the Marvell Wireless LAN device driver in the\nLinux kernel did not properly validate the BSS descriptor. A local\nattacker could possibly use this to cause a denial of service (system\ncrash) or possibly execute arbitrary code. (CVE-2019-3846)\n\nJason Wang discovered that an infinite loop vulnerability existed in\nthe virtio net driver in the Linux kernel. A local attacker in a guest\nVM could possibly use this to cause a denial of service in the host\nsystem. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen\ndiscovered that the Bluetooth protocol BR/EDR specification did not\nproperly require sufficiently strong encryption key lengths. A\nphysicall proximate attacker could use this to expose sensitive\ninformation. (CVE-2019-9506)\n\nIt was discovered that the Appletalk IP encapsulation driver in the\nLinux kernel did not properly prevent kernel addresses from being\ncopied to user space. A local attacker with the CAP_NET_ADMIN\ncapability could use this to expose sensitive information.\n(CVE-2018-20511)\n\nIt was discovered that a race condition existed in the USB YUREX\ndevice driver in the Linux kernel. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in\nthe Linux kernel made improper assumptions about the device\ncharacteristics. A physically proximate attacker could use this cause\na denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux\nkernel did not properly validate data size information from the\ndevice. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in\nsome situations did not properly restrict the field size when\nprocessing outgoing frames. A local attacker with CAP_NET_ADMIN\nprivileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux\nkernel's HID subsystem did not properly validate passed parameters in\nsome situations. A local privileged attacker could use this to cause a\ndenial of service (infinite loop). (CVE-2019-3819).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4118-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Update the affected linux-image-4.15-aws, linux-image-aws and / or\nlinux-image-aws-hwe packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Polkit pkexec helper PTRACE_TRACEME local root exploit');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.15-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws-hwe\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/07/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/09/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/09/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2021 Canonical, Inc. / NASL script (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"ksplice.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2018-13053\", \"CVE-2018-13093\", \"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13098\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14609\", \"CVE-2018-14610\", \"CVE-2018-14611\", \"CVE-2018-14612\", \"CVE-2018-14613\", \"CVE-2018-14614\", \"CVE-2018-14615\", \"CVE-2018-14616\", \"CVE-2018-14617\", \"CVE-2018-16862\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20511\", \"CVE-2018-20784\", \"CVE-2018-20856\", \"CVE-2018-5383\", \"CVE-2019-0136\", \"CVE-2019-10126\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11085\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-12818\", \"CVE-2019-12819\", \"CVE-2019-12984\", \"CVE-2019-13233\", \"CVE-2019-13272\", \"CVE-2019-13631\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15220\", \"CVE-2019-15221\", \"CVE-2019-15292\", \"CVE-2019-2024\", \"CVE-2019-2101\", \"CVE-2019-3701\", \"CVE-2019-3819\", \"CVE-2019-3846\", \"CVE-2019-3900\", \"CVE-2019-9506\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for USN-4118-1\");\n }\n else\n {\n _ubuntu_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-4.15.0-1047-aws\", pkgver:\"4.15.0-1047.49~16.04.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"linux-image-aws-hwe\", pkgver:\"4.15.0.1047.47\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-4.15.0-1047-aws\", pkgver:\"4.15.0-1047.49\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"linux-image-aws\", pkgver:\"4.15.0.1047.46\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"linux-image-4.15-aws / linux-image-aws / linux-image-aws-hwe\");\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-12-11T14:43:31", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-12-04T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4211-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20784", "CVE-2019-17075", "CVE-2019-17133"], "modified": "2019-12-10T00:00:00", "id": "OPENVAS:1361412562310844256", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844256", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844256\");\n script_version(\"2019-12-10T07:34:00+0000\");\n script_cve_id(\"CVE-2018-20784\", \"CVE-2019-17133\", \"CVE-2019-17075\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-10 07:34:00 +0000 (Tue, 10 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-12-04 03:01:42 +0000 (Wed, 04 Dec 2019)\");\n script_name(\"Ubuntu Update for linux USN-4211-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU16\\.04 LTS\");\n\n script_xref(name:\"USN\", value:\"4211-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-December/005229.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4211-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Zhipeng Xie discovered that an infinite loop could be triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nNicolas Waisman discovered that the WiFi driver stack in the Linux kernel\ndid not properly validate SSID lengths. A physically proximate attacker\ncould use this to cause a denial of service (system crash).\n(CVE-2019-17133)\n\nNicolas Waisman discovered that the Chelsio T4/T5 RDMA Driver for the Linux\nkernel performed DMA from a kernel stack. A local attacker could use this\nto cause a denial of service (system crash). (CVE-2019-17075)\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1063-kvm\", ver:\"4.4.0-1063.70\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1099-aws\", ver:\"4.4.0-1099.110\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1126-raspi2\", ver:\"4.4.0-1126.135\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-1130-snapdragon\", ver:\"4.4.0-1130.138\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-generic\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-generic-lpae\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-lowlatency\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc-e500mc\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc-smp\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc64-emb\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.4.0-170-powerpc64-smp\", ver:\"4.4.0-170.199\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.4.0.1099.103\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.4.0.1063.63\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.4.0.1126.126\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-snapdragon\", ver:\"4.4.0.1130.122\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.4.0.170.178\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-05T16:39:00", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1520)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-7825", "CVE-2018-20784", "CVE-2015-2922", "CVE-2015-7550", "CVE-2014-3647", "CVE-2018-10881", "CVE-2017-18261", "CVE-2018-13099", "CVE-2017-7294", "CVE-2016-8630", "CVE-2018-1120", "CVE-2014-2309", "CVE-2016-4485", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-8646", "CVE-2013-7269", "CVE-2018-14612", "CVE-2014-7826", "CVE-2017-18221", "CVE-2015-4036"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220191520", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191520", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1520\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2013-7269\", \"CVE-2014-2309\", \"CVE-2014-3647\", \"CVE-2014-7826\", \"CVE-2015-2922\", \"CVE-2015-4036\", \"CVE-2015-7550\", \"CVE-2016-3136\", \"CVE-2016-4482\", \"CVE-2016-4485\", \"CVE-2016-8630\", \"CVE-2016-8646\", \"CVE-2017-18221\", \"CVE-2017-18261\", \"CVE-2017-7294\", \"CVE-2018-10881\", \"CVE-2018-1120\", \"CVE-2018-13099\", \"CVE-2018-14612\", \"CVE-2018-20784\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:02:59 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1520)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1520\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1520\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1520 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Array index error in the tcm_vhost_make_tpg function in drivers/vhost/scsi.c in the Linux kernel before 4.0 might allow guest OS users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted VHOST_SCSI_SET_ENDPOINT ioctl call. NOTE: the affected function was renamed to vhost_scsi_make_tpg before the vulnerability was announced.(CVE-2015-4036)\n\nThe llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows attackers to obtain sensitive information from kernel stack memory by reading a message.(CVE-2016-4485)\n\nThe nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which allows local users to obtain sensitive information from kernel memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.(CVE-2013-7269)\n\nThe mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.(CVE-2016-3136)\n\nAn out-of-bounds memory access flaw, CVE-2014-7825, was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system. Additionally, an out-of-bounds memory access flaw, CVE-2014-7826, was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.(CVE-2014-7826)\n\nLinux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support is vulnerable to a null pointer dereference flaw. It could occur on x86 platform, when emulating an undefined instruction. An attacker could use this flaw to crash the host kernel resulting in DoS.(CVE-2016-8630)\n\nA flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)\n\nThe arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a sc ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-09-17T00:36:24", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-12T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4115-2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14763", "CVE-2019-15218", "CVE-2019-15090", "CVE-2019-3900", "CVE-2019-0136", "CVE-2019-14284", "CVE-2019-10639", "CVE-2018-20784", "CVE-2019-15216", "CVE-2019-15211", "CVE-2019-13648", "CVE-2019-9506", "CVE-2019-15215", "CVE-2019-13631", "CVE-2019-10207", "CVE-2019-15220", "CVE-2019-11810", "CVE-2019-15212", "CVE-2019-11599", "CVE-2019-15221", "CVE-2019-10638", "CVE-2019-3701", "CVE-2019-15292", "CVE-2019-11487", "CVE-2019-15214", "CVE-2019-3819", "CVE-2018-19985", "CVE-2019-14283"], "modified": "2019-09-16T00:00:00", "id": "OPENVAS:1361412562310844174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844174", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844174\");\n script_version(\"2019-09-16T07:48:47+0000\");\n script_cve_id(\"CVE-2018-19985\", \"CVE-2018-20784\", \"CVE-2019-0136\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15220\", \"CVE-2019-15292\", \"CVE-2019-3900\", \"CVE-2019-9506\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15221\", \"CVE-2019-3701\", \"CVE-2019-3819\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-16 07:48:47 +0000 (Mon, 16 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-12 02:01:51 +0000 (Thu, 12 Sep 2019)\");\n script_name(\"Ubuntu Update for linux USN-4115-2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4115-2\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005111.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4115-2 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"USN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu\n18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update,\na regression was introduced that caused a kernel crash when handling\nfragmented packets in some situations. This update addresses the issue.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver\nin the Linux kernel did not properly validate metadata received from the\ndevice. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did\nnot properly validate certain Tunneled Direct Link Setup (TDLS). A\nphysically proximate attacker could use this to cause a denial of service\n(Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local attacker\ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. A remote attacker could use this to track particular Linux\ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could be exposed by the implementation of connection-less network\nprotocols in the Linux kernel. A remote attacker could possibly use this to\nassist in the exploitation of another vulnerability in the Linux kernel.\n(CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when\nreference counting pages, leading to potential use-after-free issues. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nperforming core dumps. A local attacker could use this to cause a denial of\nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1023-oracle\", ver:\"4.15.0-1023.26\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1042-gke\", ver:\"4.15.0-1042.44\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1044-kvm\", ver:\"4.15.0-1044.44\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1045-raspi2\", ver:\"4.15.0-1045.49\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1048-aws\", ver:\"4.15.0-1048.50\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-62-generic\", ver:\"4.15.0-62.69\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-62-generic-lpae\", ver:\"4.15.0-62.69\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-62-lowlatency\", ver:\"4.15.0-62.69\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1048.47\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1042.45\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-4.15\", ver:\"4.15.0.1042.45\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1044.44\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1023.26\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1045.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.15.0.62.64\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1023-oracle\", ver:\"4.15.0-1023.26~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1042-gcp\", ver:\"4.15.0-1042.44\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1048-aws\", ver:\"4.15.0-1048.50~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1057-azure\", ver:\"4.15.0-1057.62\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-62-generic\", ver:\"4.15.0-62.69~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-62-generic-lpae\", ver:\"4.15.0-62.69~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-62-lowlatency\", ver:\"4.15.0-62.69~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1048.48\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1057.60\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1042.56\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.62.82\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.62.82\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1042.56\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.62.82\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.62.82\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1023.17\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.62.82\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-06T18:54:00", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux USN-4115-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14763", "CVE-2019-15218", "CVE-2019-15090", "CVE-2019-3900", "CVE-2019-0136", "CVE-2019-14284", "CVE-2019-10639", "CVE-2018-20784", "CVE-2019-15216", "CVE-2019-15211", "CVE-2019-13648", "CVE-2019-9506", "CVE-2019-15215", "CVE-2019-13631", "CVE-2019-10207", "CVE-2019-15220", "CVE-2019-11810", "CVE-2019-15212", "CVE-2019-11599", "CVE-2019-15221", "CVE-2019-10638", "CVE-2019-3701", "CVE-2019-15292", "CVE-2019-11487", "CVE-2019-15214", "CVE-2019-3819", "CVE-2018-19985", "CVE-2019-14283"], "modified": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310844156", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844156", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844156\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2018-19985\", \"CVE-2018-20784\", \"CVE-2019-0136\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-13631\", \"CVE-2019-13648\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15220\", \"CVE-2019-15292\", \"CVE-2019-3900\", \"CVE-2019-9506\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15221\", \"CVE-2019-3701\", \"CVE-2019-3819\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-03 02:01:18 +0000 (Tue, 03 Sep 2019)\");\n script_name(\"Ubuntu Update for linux USN-4115-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4115-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005093.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux'\n package(s) announced via the USN-4115-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Hui Peng and Mathias Payer discovered that the Option USB High Speed driver\nin the Linux kernel did not properly validate metadata received from the\ndevice. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did\nnot properly validate certain Tunneled Direct Link Setup (TDLS). A\nphysically proximate attacker could use this to cause a denial of service\n(wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux\nkernel did not properly check for missing tty operations. A local attacker\ncould use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not\nsufficiently randomize IP ID values generated for connectionless networking\nprotocols. A remote attacker could use this to track particular Linux\ndevices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel\naddresses could exposed by the implementation of connection-less network\nprotocols in the Linux kernel. A remote attacker could possibly use this to\nassist in the exploitation of another vulnerability in the Linux kernel.\n(CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when\nreference counting pages, leading to potential use-after-free issues. A\nlocal attacker could use this to cause a denial of service (system crash)\nor possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when\nperforming core dumps. A local attacker could use this to cause a denial of\nservice (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in\nthe LSI Logic MegaRAID driver in the Linux kernel. A local attacker could\nuse this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did\nnot properly bounds check the initial HID report sent by the device. A\nphysically proximate attacker could use to cause a denial of service\n(system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate\nsent signals in some situations on PowerPC systems with transaction ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1022-oracle\", ver:\"4.15.0-1022.25\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1041-gke\", ver:\"4.15.0-1041.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1043-kvm\", ver:\"4.15.0-1043.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1044-raspi2\", ver:\"4.15.0-1044.47\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-60-generic\", ver:\"4.15.0-60.67\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-60-generic-lpae\", ver:\"4.15.0-60.67\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-60-lowlatency\", ver:\"4.15.0-60.67\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1041.44\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke-4.15\", ver:\"4.15.0.1041.44\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-kvm\", ver:\"4.15.0.1043.43\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1022.25\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-e500mc\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc-smp\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-emb\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-powerpc64-smp\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-raspi2\", ver:\"4.15.0.1044.42\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual\", ver:\"4.15.0.60.62\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1022-oracle\", ver:\"4.15.0-1022.25~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1041-gcp\", ver:\"4.15.0-1041.43\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1056-azure\", ver:\"4.15.0-1056.61\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-60-generic\", ver:\"4.15.0-60.67~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-60-generic-lpae\", ver:\"4.15.0-60.67~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-60-lowlatency\", ver:\"4.15.0-60.67~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-azure\", ver:\"4.15.0.1056.59\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gcp\", ver:\"4.15.0.1041.55\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-hwe-16.04\", ver:\"4.15.0.60.81\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-generic-lpae-hwe-16.04\", ver:\"4.15.0.60.81\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-gke\", ver:\"4.15.0.1041.55\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-lowlatency-hwe-16.04\", ver:\"4.15.0.60.81\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oem\", ver:\"4.15.0.60.81\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-oracle\", ver:\"4.15.0.1022.16\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-virtual-hwe-16.04\", ver:\"4.15.0.60.81\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-09-06T18:52:42", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-09-03T00:00:00", "type": "openvas", "title": "Ubuntu Update for linux-aws USN-4118-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-14609", "CVE-2019-14763", "CVE-2019-15218", "CVE-2018-13053", "CVE-2019-15090", "CVE-2019-3900", "CVE-2018-14610", "CVE-2018-13096", "CVE-2019-0136", "CVE-2018-13098", "CVE-2019-14284", "CVE-2019-12984", "CVE-2019-10639", "CVE-2018-20784", "CVE-2019-15216", "CVE-2018-13100", "CVE-2019-15211", "CVE-2018-14615", "CVE-2019-12819", "CVE-2018-13093", "CVE-2019-11085", "CVE-2018-13099", "CVE-2019-13272", "CVE-2019-9506", "CVE-2019-15215", "CVE-2019-13631", "CVE-2018-16862", "CVE-2019-11884", "CVE-2019-10207", "CVE-2019-15220", "CVE-2019-11810", "CVE-2019-11833", "CVE-2019-15212", "CVE-2019-11599", "CVE-2019-15221", "CVE-2018-14614", "CVE-2019-10638", "CVE-2018-14617", "CVE-2018-20856", "CVE-2019-12818", "CVE-2019-3701", "CVE-2019-15292", "CVE-2019-11487", "CVE-2018-14612", "CVE-2019-2024", "CVE-2019-11815", "CVE-2018-14611", "CVE-2018-13097", "CVE-2019-15214", "CVE-2019-3846", "CVE-2018-20169", "CVE-2018-5383", "CVE-2019-2101", "CVE-2019-10126", "CVE-2019-13233", "CVE-2019-3819", "CVE-2018-19985", "CVE-2018-14616", "CVE-2018-20511", "CVE-2018-14613", "CVE-2019-14283"], "modified": "2019-09-05T00:00:00", "id": "OPENVAS:1361412562310844159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844159", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844159\");\n script_version(\"2019-09-05T09:53:24+0000\");\n script_cve_id(\"CVE-2018-13053\", \"CVE-2018-13093\", \"CVE-2018-13096\", \"CVE-2018-13097\", \"CVE-2018-13098\", \"CVE-2018-13099\", \"CVE-2018-13100\", \"CVE-2018-14614\", \"CVE-2018-14615\", \"CVE-2018-14616\", \"CVE-2018-14609\", \"CVE-2018-14610\", \"CVE-2018-14611\", \"CVE-2018-14612\", \"CVE-2018-14613\", \"CVE-2018-14617\", \"CVE-2018-16862\", \"CVE-2018-19985\", \"CVE-2018-20169\", \"CVE-2018-20784\", \"CVE-2018-20856\", \"CVE-2018-5383\", \"CVE-2019-0136\", \"CVE-2019-10126\", \"CVE-2019-10207\", \"CVE-2019-10638\", \"CVE-2019-10639\", \"CVE-2019-11085\", \"CVE-2019-11487\", \"CVE-2019-11599\", \"CVE-2019-11810\", \"CVE-2019-11815\", \"CVE-2019-11833\", \"CVE-2019-11884\", \"CVE-2019-12818\", \"CVE-2019-12819\", \"CVE-2019-12984\", \"CVE-2019-13233\", \"CVE-2019-13272\", \"CVE-2019-13631\", \"CVE-2019-14283\", \"CVE-2019-14284\", \"CVE-2019-14763\", \"CVE-2019-15090\", \"CVE-2019-15211\", \"CVE-2019-15212\", \"CVE-2019-15214\", \"CVE-2019-15215\", \"CVE-2019-15220\", \"CVE-2019-15292\", \"CVE-2019-2024\", \"CVE-2019-2101\", \"CVE-2019-3846\", \"CVE-2019-3900\", \"CVE-2019-9506\", \"CVE-2018-20511\", \"CVE-2019-15216\", \"CVE-2019-15218\", \"CVE-2019-15221\", \"CVE-2019-3701\", \"CVE-2019-3819\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-09-05 09:53:24 +0000 (Thu, 05 Sep 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-09-03 02:02:11 +0000 (Tue, 03 Sep 2019)\");\n script_name(\"Ubuntu Update for linux-aws USN-4118-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4118-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-September/005096.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'linux-aws'\n package(s) announced via the USN-4118-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that the alarmtimer implementation in the Linux kernel\ncontained an integer overflow vulnerability. A local attacker could use\nthis to cause a denial of service. (CVE-2018-13053)\n\nWen Xu discovered that the XFS filesystem implementation in the Linux\nkernel did not properly track inode validations. An attacker could use this\nto construct a malicious XFS image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13093)\n\nWen Xu discovered that the f2fs file system implementation in the Linux\nkernel did not properly validate metadata. An attacker could use this to\nconstruct a malicious f2fs image that, when mounted, could cause a denial\nof service (system crash). (CVE-2018-13096, CVE-2018-13097, CVE-2018-13098,\nCVE-2018-13099, CVE-2018-13100, CVE-2018-14614, CVE-2018-14615,\nCVE-2018-14616)\n\nWen Xu and Po-Ning Tseng discovered that btrfs file system implementation\nin the Linux kernel did not properly validate metadata. An attacker could\nuse this to construct a malicious btrfs image that, when mounted, could\ncause a denial of service (system crash). (CVE-2018-14609, CVE-2018-14610,\nCVE-2018-14611, CVE-2018-14612, CVE-2018-14613)\n\nWen Xu discovered that the HFS+ filesystem implementation in the Linux\nkernel did not properly handle malformed catalog data in some situations.\nAn attacker could use this to construct a malicious HFS+ image that, when\nmounted, could cause a denial of service (system crash). (CVE-2018-14617)\n\nVasily Averin and Pavel Tikhomirov discovered that the cleancache subsystem\nof the Linux kernel did not properly initialize new files in some\nsituations. A local attacker could use this to expose sensitive\ninformation. (CVE-2018-16862)\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver\nin the Linux kernel did not properly validate metadata received from the\ndevice. A physically proximate attacker could use this to cause a denial of\nservice (system crash). (CVE-2018-19985)\n\nHui Peng and Mathias Payer discovered that the USB subsystem in the Linux\nkernel did not properly handle size checks when handling an extra USB\ndescriptor. A physically proximate attacker could use this to cause a\ndenial of service (system crash). (CVE-2018-20169)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS\nLinux kernel process scheduler. A local attacker could possibly use this to\ncause a denial of service. (CVE-2018-20784)\n\nIt was discovered that a use-after-free error existed in the block layer\nsubsystem of the Linux kernel when certain failure conditions occurred. A\nlocal attacker could possi ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'linux-aws' package(s) on Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1047-aws\", ver:\"4.15.0-1047.49\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws\", ver:\"4.15.0.1047.46\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-4.15.0-1047-aws\", ver:\"4.15.0-1047.49~16.04.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"linux-image-aws-hwe\", ver:\"4.15.0.1047.47\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-10-19T20:36:32", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [DELL 8.0 z-stream BUG] - \"CPU unsupported\" message with CFL-H/S 8+2 due to updated Stepping (BZ#1711048)\n\n* RHEL8.0 Snapshot4 - [LTC Test] Guest crashes during vfio device hot-plug/un-plug operations. (kvm) (BZ#1714746)\n\n* Using Transactional Memory (TM) in a Guest Locks-up Host Core on a Power9 System (BZ#1714751)\n\n* VRSAVE register not properly saved and restored (BZ#1714753)\n\n* Fix potential spectre gadget in arch/s390/kvm/interrupt.c (BZ#1714754)\n\n* RHEL8.0 RC2 - kernel/KVM - count cache flush Spectre v2 mitigation (required for POWER9 DD2.3) (BZ#1715018)\n\n* iommu/amd: Set exclusion range correctly (BZ#1715336)\n\n* RHEL8.0 - sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (BZ#1715337)\n\n* cross compile builds are broken (BZ#1715339)\n\n* Patch generated by 'make rh-test-patch' doesn't get applied during build (BZ#1715340)\n\n* hard lockup panic in during execution of CFS bandwidth period timer (BZ#1715345)\n\n* perf annotate -P does not give full paths (BZ#1716887)\n\n* [Dell EMC 8.0 BUG] File system corrupting with I/O Stress on H330 PERC on AMD Systems if IOMMU passthrough is disabled (BZ#1717344)\n\n* Fix Spectre v1 gadgets in drivers/gpu/drm/drm_bufs.c and drivers/gpu/drm/drm_ioctl.c (BZ#1717382)\n\n* BUG: SELinux doesn't handle NFS crossmnt well (BZ#1717777)\n\n* krb5{,i,p} doesn't work with older enctypes on aarch64 (BZ#1717800)\n\n* [RHEL-8.0][s390x]ltp-lite mtest06 testing hits EWD due to: rcu: INFO: rcu_sched self-detected stall on CPU (BZ#1717801)\n\n* RHEL 8 Snapshot-6: CN1200E SW iSCSI I/O performance degradation after a SCSI device/target reset rhel-8.0.0.z] (BZ#1717804)\n\n* dm cache metadata: Fix loading discard bitset (BZ#1717868)\n\n* jit'd java code on power9 ppc64le experiences stack corruption (BZ#1717869)\n\n* BUG: connect(AF_UNSPEC, ...) on a connected socket returns an error (BZ#1717870)\n\n* mm: BUG: unable to handle kernel paging request at 0000000057ac6e9d (BZ#1718237)\n\n* [HPE 8.0 BUG] DCPMM fsdax boot initialization takes a long time causing auto-mount to fail (BZ#1719635)\n\n* AMD Rome: WARNING: CPU: 1 PID: 0 at arch/x86/kernel/cpu/mcheck/mce.c:1510 mcheck_cpu_init+0x7a/0x460 (BZ#1721233)\n\n* [RHEL8.1] AMD Rome: EDAC amd64: Error: F0 not found, device 0x1460 (broken BIOS?) (BZ#1722365)\n\n* AMD Rome: Intermittent NMI received for unknown reason (BZ#1722367)\n\n* [DELL 8.0 BUG] - \"CPU unsupported\" message with WHL-U due to updated Stepping (BZ#1722372)\n\nEnhancement(s):\n\n* RHEL 8 - AMD Rome Support (BZ#1721972)\n\nUsers of kernel are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-07-30T09:18:32", "type": "redhat", "title": "(RHSA-2019:1959) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2019-07-30T09:36:16", "id": "RHSA-2019:1959", "href": "https://access.redhat.com/errata/RHSA-2019:1959", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-10-19T20:35:47", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: insufficient input validation in kernel mode driver in Intel i915 graphics leads to privilege escalation (CVE-2019-11085)\n\n* kernel: DMA attack using peripheral devices (Thunderclap) (BZ#1690716)\n\n* kernel: infinite loop in update_blocked_averages() in kernel/sched/fair.c leading to denial of service (CVE-2018-20784)\n\n* kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS (CVE-2019-11810)\n\n* kernel: use-after-free in drivers/char/ipmi/ipmi_si_intf.c, ipmi_si_mem_io.c, ipmi_si_port_io.c (CVE-2019-11811)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the RHEL8.0.z batch#2 source tree (BZ#1717516)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-07-30T10:55:07", "type": "redhat", "title": "(RHSA-2019:1971) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2019-07-30T10:59:30", "id": "RHSA-2019:1971", "href": "https://access.redhat.com/errata/RHSA-2019:1971", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2021-07-30T06:24:59", "description": "- [4.18.0-80.7.1_0.OL8]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n[4.18.0-80.7.1_0]\n- [x86] Update stepping values for Whiskey Lake U/Y (David Arcari) [1722372 1704801]\n- [x86] x86/perf/amd: Resolve NMI latency issues for active PMCs (David Arcari) [1722367 1640238]\n- [x86] x86/perf/amd: Resolve race condition when disabling PMC (David Arcari) [1722367 1640238]\n- [edac] EDAC/amd64: Set maximum channel layer size depending on family (Gary Hook) [1722365 1690984]\n- [edac] EDAC/amd64: Adjust printed chip select sizes when interleaved (Gary Hook) [1722365 1690984]\n- [edac] EDAC/amd64: Recognize x16 symbol size (Gary Hook) [1722365 1690984]\n- [edac] EDAC/amd64: Support more than two Unified Memory Controllers (Gary Hook) [1722365 1690984]\n- [edac] EDAC/amd64: Use a macro for iterating over Unified Memory Controllers (Gary Hook) [1722365 1690984]\n- [edac] EDAC, amd64: Add Family 17h, models 10h-2fh support (Gary Hook) [1722365 1690984]\n- [edac] EDAC/amd64: Add Family 17h Model 30h PCI IDs (Aristeu Rozanski) [1722365 1696603]\n- [x86] mark AMD Rome processors supported (David Arcari) [1721972 1520002]\n- [x86] x86/mce: Handle varying MCA bank counts (David Arcari) [1721233 1668779]\n- [iommu] iommu/vt-d: Disable ATS support on untrusted devices (Jerry Snitselaar) [1700376 1692246]\n- [documentation] thunderbolt: Export IOMMU based DMA protection support to userspace (Jerry Snitselaar) [1700376 1692246]\n- [iommu] iommu/vt-d: Do not enable ATS for untrusted devices (Jerry Snitselaar) [1700376 1692246]\n- [iommu] iommu/vt-d: Force IOMMU on for platform opt in hint (Jerry Snitselaar) [1700376 1692246]\n- [pci] PCI / ACPI: Identify untrusted PCI devices (Myron Stowe) [1700376 1704979]\n- [acpi] ACPI / property: Allow multiple property compatible _DSD entries (Myron Stowe) [1700376 1537397]\n- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719922 1719923] {CVE-2019-11479}\n- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719922 1719923] {CVE-2019-11479}\n- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719857 1719858] {CVE-2019-11478}\n- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719602 1719603] {CVE-2019-11477}\n[4.18.0-80.6.1_0]\n- [mm] mm: defer ZONE_DEVICE page initialization to the point where we init pgmap (Waiman Long) [1719635 1666538]\n- [mm] mm: create non-atomic version of SetPageReserved for init use (Waiman Long) [1719635 1666538]\n- [mm] mm: provide kernel parameter to allow disabling page init poisoning (Waiman Long) [1719635 1666538]\n- [mm] mm, slub: restore the original intention of prefetch_freepointer() (Rafael Aquini) [1718237 1714671]\n- [security] selinux: do not report error on connect(AF_UNSPEC) (Ondrej Mosnacek) [1717870 1707828]\n- [security] selinux: Check address length before reading address family (Ondrej Mosnacek) [1717870 1707828]\n- [powerpc] powerpc/tm: Fix stack pointer corruption (Desnes Augusto Nunes do Rosario) [1717869 1707635]\n- [md] dm cache metadata: Fix loading discard bitset (Mike Snitzer) [1717868 1701618]\n- [md] dm mpath: fix missing call of path selector type->end_io (Mike Snitzer) [1717804 1686227]\n- [mm] mm/memory.c: do_fault: avoid usage of stale vm_area_struct ('Herton R. Krzesinski') [1717801 1684734]\n- [net] sunrpc: fix 4 more call sites that were using stack memory with a scatterlist (Scott Mayhew) [1717800 1679183]\n- [net] sunrpc: Don't use stack buffer with scatterlist (Scott Mayhew) [1717800 1679183]\n- [scsi] scsi: mpt3sas: Fix kernel panic during expander reset (Tomas Henzl) [1717791 1677693]\n- [security] selinux: always allow mounting submounts (Ondrej Mosnacek) [1717777 1647723]\n- [drm] drm/bufs: Fix Spectre v1 vulnerability (Rob Clark) [1717382 1663467]\n- [drm] drm/ioctl: Fix Spectre v1 vulnerabilities (Rob Clark) [1717382 1663467]\n- [tools] perf annotate: Fix getting source line failure (Michael Petlan) [1716887 1614435]\n- [iommu] iommu/amd: Set exclusion range correctly (Jerry Snitselaar) [1715336 1702766]\n- [iommu] iommu/amd: Reserve exclusion range in iova-domain (Jerry Snitselaar) [1717344 1694835]\n- [kvm] KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char() (Vitaly Kuznetsov) [1715018 1694456]\n- [s390] kvm: s390: Fix potential spectre warnings (Thomas Huth) [1714754 1702344]\n- [drm] drm/i915/gvt: Fix mmap range check (Alex Williamson) [1713572 1713573] {CVE-2019-11085}\n- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712862 1712863] {CVE-2019-11810}\n[4.18.0-80.5.1_0]\n- [kernel] sched/fair: Limit sched_cfs_period_timer() loop to avoid hard lockup (Joel Savitz) [1715345 1695651]\n- [kernel] sched/fair: Fix O(nr_cgroups) in the load balancing path (Phil Auld) [1715343 1685636] {CVE-2018-20784}\n- [kernel] sched/fair: Fix insertion in rq->leaf_cfs_rq_list (Phil Auld) [1715343 1685636] {CVE-2018-20784}\n- [kernel] sched/fair: Add tmp_alone_branch assertion (Phil Auld) [1715343 1685636] {CVE-2018-20784}\n- [kernel] sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Phil Auld) [1715343 1685636] {CVE-2018-20784}\n- [rpmspec] apply linux-kernel-test.patch when building ('Herton R. Krzesinski') [1715340 1690534]\n- [rpmspec] Fix cross builds (Jiri Olsa) [1715339 1694956]\n- [kernel] sched/fair: Do not re-read ->h_load_next during hierarchical load calculation (Phil Auld) [1715337 1701762]\n- [kvm] KVM: PPC: Book3S HV: Save/restore vrsave register in kvmhv_p9_guest_entry() (Suraj Jitindar Singh) [1714753 1700272]\n- [powerpc] KVM: PPC: Book3S HV: Perserve PSSCR FAKE_SUSPEND bit on guest exit (Suraj Jitindar Singh) [1714751 1689768]\n- [powerpc] powerpc/powernv/ioda: Fix locked_vm counting for memory used by IOMMU tables (David Gibson) [1714746 1674410]\n- [char] ipmi_si: fix use-after-free of resource->name (Tony Camuso) [1714409 1714410] {CVE-2019-11811}\n- [x86] Update stepping values for coffee lake desktop (David Arcari) [1711048 1704800]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-08-19T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-20784", "CVE-2019-11085", "CVE-2019-11477", "CVE-2019-11478", "CVE-2019-11479", "CVE-2019-11810", "CVE-2019-11811"], "modified": "2019-08-19T00:00:00", "id": "ELSA-2019-1959", "href": "http://linux.oracle.com/errata/ELSA-2019-1959.html", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "cloudfoundry": [{"lastseen": "2021-08-11T17:41:43", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nUSN 4115-1 fixed vulnerabilities in the Linux 4.15 kernel for Ubuntu 18.04 LTS and Ubuntu 16.04 LTS. Unfortunately, as part of the update, a regression was introduced that caused a kernel crash when handling fragmented packets in some situations. This update addresses the issue.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel Wi-Fi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (Wi-Fi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could be exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the AppleTalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physically proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel\u2019s HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819)\n\nCVEs contained in this USN include: CVE-2018-19985, CVE-2019-3701, CVE-2019-3819, CVE-2018-20784, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-3900, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-9506, CVE-2019-13648\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 456.x versions prior to 456.25\n * 315.x versions prior to 315.97\n * 250.x versions prior to 250.110\n * 170.x versions prior to 170.133\n * 97.x versions prior to 97.159\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 456.x versions to 456.25\n * Upgrade 315.x versions to 315.97\n * Upgrade 250.x versions to 250.110\n * Upgrade 170.x versions to 170.133\n * Upgrade 97.x versions to 97.159\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n## References\n\n * [USN-4115-2](<https://usn.ubuntu.com/4115-2>)\n * [CVE-2018-19985](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19985>)\n * [CVE-2019-3701](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3701>)\n * [CVE-2019-3819](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3819>)\n * [CVE-2018-20784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20784>)\n * [CVE-2019-11487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487>)\n * [CVE-2019-11599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599>)\n * [CVE-2019-11810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11810>)\n * [CVE-2019-3900](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900>)\n * [CVE-2019-0136](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0136>)\n * [CVE-2019-10207](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10207>)\n * [CVE-2019-10638](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10638>)\n * [CVE-2019-10639](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10639>)\n * [CVE-2019-13631](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13631>)\n * [CVE-2019-14283](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14283>)\n * [CVE-2019-14284](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14284>)\n * [CVE-2019-14763](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14763>)\n * [CVE-2019-15090](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15090>)\n * [CVE-2019-15211](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15211>)\n * [CVE-2019-15212](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15212>)\n * [CVE-2019-15214](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15214>)\n * [CVE-2019-15215](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15215>)\n * [CVE-2019-15216](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15216>)\n * [CVE-2019-15218](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15218>)\n * [CVE-2019-15220](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220>)\n * [CVE-2019-15221](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221>)\n * [CVE-2019-15292](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15292>)\n * [CVE-2019-9506](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9506>)\n * [CVE-2019-13648](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13648>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-30T00:00:00", "type": "cloudfoundry", "title": "USN-4115-2: Linux kernel regression | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19985", "CVE-2018-20784", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2019-09-30T00:00:00", "id": "CFOUNDRY:BD71AB043932448695E8B3D20302D582", "href": "https://www.cloudfoundry.org/blog/usn-4115-2/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-08-11T17:41:41", "description": "# \n\n## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 16.04\n\n## Description\n\nHui Peng and Mathias Payer discovered that the Option USB High Speed driver in the Linux kernel did not properly validate metadata received from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2018-19985)\n\nZhipeng Xie discovered that an infinite loop could triggered in the CFS Linux kernel process scheduler. A local attacker could possibly use this to cause a denial of service. (CVE-2018-20784)\n\nIt was discovered that the Intel wifi device driver in the Linux kernel did not properly validate certain Tunneled Direct Link Setup (TDLS). A physically proximate attacker could use this to cause a denial of service (wifi disconnect). (CVE-2019-0136)\n\nIt was discovered that the Bluetooth UART implementation in the Linux kernel did not properly check for missing tty operations. A local attacker could use this to cause a denial of service. (CVE-2019-10207)\n\nAmit Klein and Benny Pinkas discovered that the Linux kernel did not sufficiently randomize IP ID values generated for connectionless networking protocols. A remote attacker could use this to track particular Linux devices. (CVE-2019-10638)\n\nAmit Klein and Benny Pinkas discovered that the location of kernel addresses could exposed by the implementation of connection-less network protocols in the Linux kernel. A remote attacker could possibly use this to assist in the exploitation of another vulnerability in the Linux kernel. (CVE-2019-10639)\n\nIt was discovered that an integer overflow existed in the Linux kernel when reference counting pages, leading to potential use-after-free issues. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-11487)\n\nJann Horn discovered that a race condition existed in the Linux kernel when performing core dumps. A local attacker could use this to cause a denial of service (system crash) or expose sensitive information. (CVE-2019-11599)\n\nIt was discovered that a null pointer dereference vulnerability existed in the LSI Logic MegaRAID driver in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-11810)\n\nIt was discovered that the GTCO tablet input driver in the Linux kernel did not properly bounds check the initial HID report sent by the device. A physically proximate attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-13631)\n\nPraveen Pandey discovered that the Linux kernel did not properly validate sent signals in some situations on PowerPC systems with transactional memory disabled. A local attacker could use this to cause a denial of service. (CVE-2019-13648)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate meta data, leading to a buffer overread. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14283)\n\nIt was discovered that the floppy driver in the Linux kernel did not properly validate ioctl() calls, leading to a division-by-zero. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-14284)\n\nTuba Yavuz discovered that a race condition existed in the DesignWare USB3 DRD Controller device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-14763)\n\nIt was discovered that an out-of-bounds read existed in the QLogic QEDI iSCSI Initiator Driver in the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2019-15090)\n\nIt was discovered that the Raremono AM/FM/SW radio device driver in the Linux kernel did not properly allocate memory, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2019-15211)\n\nIt was discovered at a double-free error existed in the USB Rio 500 device driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service. (CVE-2019-15212)\n\nIt was discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel, leading to a potential use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) pro possibly execute arbitrary code. (CVE-2019-15214)\n\nIt was discovered that a race condition existed in the CPiA2 video4linux device driver for the Linux kernel, leading to a use-after-free. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-15215)\n\nIt was discovered that a race condition existed in the Softmac USB Prism54 device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15220)\n\nIt was discovered that a use-after-free vulnerability existed in the Appletalk implementation in the Linux kernel if an error occurs during initialization. A local attacker could use this to cause a denial of service (system crash). (CVE-2019-15292)\n\nJason Wang discovered that an infinite loop vulnerability existed in the virtio net driver in the Linux kernel. A local attacker in a guest VM could possibly use this to cause a denial of service in the host system. (CVE-2019-3900)\n\nDaniele Antonioli, Nils Ole Tippenhauer, and Kasper B. Rasmussen discovered that the Bluetooth protocol BR/EDR specification did not properly require sufficiently strong encryption key lengths. A physicall proximate attacker could use this to expose sensitive information. (CVE-2019-9506)\n\nIt was discovered that a race condition existed in the USB YUREX device driver in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15216)\n\nIt was discovered that the Siano USB MDTV receiver device driver in the Linux kernel made improper assumptions about the device characteristics. A physically proximate attacker could use this cause a denial of service (system crash). (CVE-2019-15218)\n\nIt was discovered that the Line 6 POD USB device driver in the Linux kernel did not properly validate data size information from the device. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2019-15221)\n\nMuyu Yu discovered that the CAN implementation in the Linux kernel in some situations did not properly restrict the field size when processing outgoing frames. A local attacker with CAP_NET_ADMIN privileges could use this to execute arbitrary code. (CVE-2019-3701)\n\nVladis Dronov discovered that the debug interface for the Linux kernel\u2019s HID subsystem did not properly validate passed parameters in some situations. A local privileged attacker could use this to cause a denial of service (infinite loop). (CVE-2019-3819)\n\nCVEs contained in this USN include: CVE-2018-19985, CVE-2019-3701, CVE-2019-3819, CVE-2018-20784, CVE-2019-11487, CVE-2019-11599, CVE-2019-11810, CVE-2019-3900, CVE-2019-0136, CVE-2019-10207, CVE-2019-10638, CVE-2019-10639, CVE-2019-13631, CVE-2019-14283, CVE-2019-14284, CVE-2019-14763, CVE-2019-15090, CVE-2019-15211, CVE-2019-15212, CVE-2019-15214, CVE-2019-15215, CVE-2019-15216, CVE-2019-15218, CVE-2019-15220, CVE-2019-15221, CVE-2019-15292, CVE-2019-9506, CVE-2019-13648\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 456.x versions prior to 456.22\n * 315.x versions prior to 315.93\n * 250.x versions prior to 250.106\n * 170.x versions prior to 170.129\n * 97.x versions prior to 97.156\n * All other stemcells not listed.\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 456.x versions to 456.22\n * Upgrade 315.x versions to 315.93\n * Upgrade 250.x versions to 250.106\n * Upgrade 170.x versions to 170.129\n * Upgrade 97.x versions to 97.156\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n\n## References\n\n * [USN-4115-1](<https://usn.ubuntu.com/4115-1>)\n * [CVE-2018-19985](<https://people.canonical.com/~ubuntu-security/cve/CVE-2018-19985>)\n * [CVE-2019-3701](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3701>)\n * [CVE-2019-3819](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-3819>)\n * [CVE-2018-20784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20784>)\n * [CVE-2019-11487](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11487>)\n * [CVE-2019-11599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11599>)\n * [CVE-2019-11810](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11810>)\n * [CVE-2019-3900](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3900>)\n * [CVE-2019-0136](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-0136>)\n * [CVE-2019-10207](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10207>)\n * [CVE-2019-10638](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10638>)\n * [CVE-2019-10639](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-10639>)\n * [CVE-2019-13631](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13631>)\n * [CVE-2019-14283](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14283>)\n * [CVE-2019-14284](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14284>)\n * [CVE-2019-14763](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-14763>)\n * [CVE-2019-15090](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15090>)\n * [CVE-2019-15211](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15211>)\n * [CVE-2019-15212](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15212>)\n * [CVE-2019-15214](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15214>)\n * [CVE-2019-15215](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15215>)\n * [CVE-2019-15216](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15216>)\n * [CVE-2019-15218](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15218>)\n * [CVE-2019-15220](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15220>)\n * [CVE-2019-15221](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15221>)\n * [CVE-2019-15292](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-15292>)\n * [CVE-2019-9506](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-9506>)\n * [CVE-2019-13648](<https://people.canonical.com/~ubuntu-security/cve/CVE-2019-13648>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2019-09-30T00:00:00", "type": "cloudfoundry", "title": "USN-4115-1: Linux kernel vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19985", "CVE-2018-20784", "CVE-2019-0136", "CVE-2019-10207", "CVE-2019-10638", "CVE-2019-10639", "CVE-2019-11487", "CVE-2019-11599", "CVE-2019-11810", "CVE-2019-13631", "CVE-2019-13648", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14763", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15212", "CVE-2019-15214", "CVE-2019-15215", "CVE-2019-15216", "CVE-2019-15218", "CVE-2019-15220", "CVE-2019-15221", "CVE-2019-15292", "CVE-2019-3701", "CVE-2019-3819", "CVE-2019-3900", "CVE-2019-9506"], "modified": "2019-09-30T00:00:00", "id": "CFOUNDRY:A005A5D22D18F966EBF6C011F833E895", "href": "https://www.cloudfoundry.org/blog/usn-4115-1/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
CVE-2018-20784
