DATABASE RESOURCES PRICING ABOUT US

{"id": "DEBIANCVE:CVE-2019-20934", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2019-20934", "description": "An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.", "published": "2020-11-28T07:15:00", "modified": "2020-11-28T07:15:00", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 5.4}, "severity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 7.8, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.0, "impactScore": 4.2}, "href": "https://security-tracker.debian.org/tracker/CVE-2019-20934", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2019-20934"], "immutableFields": [], "lastseen": "2022-06-23T06:00:17", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2021:2725"]}, {"type": "cve", "idList": ["CVE-2019-20934"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2021-2725.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1039.NASL", "EULEROS_SA-2021-1079.NASL", "EULEROS_SA-2021-1311.NASL", "EULEROS_SA-2021-1684.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2021-2725.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "REDHAT-RHSA-2021-2725.NASL", "REDHAT-RHSA-2021-2726.NASL", "REDHAT-RHSA-2021-3987.NASL", "SL_20210721_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL", "SUSE_SU-2021-0434-1.NASL", "SUSE_SU-2021-0437-1.NASL", "SUSE_SU-2021-0438-1.NASL", "SUSE_SU-2021-0452-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2725", "ELSA-2021-9002"]}, {"type": "photon", "idList": ["PHSA-2019-0026", "PHSA-2019-0175", "PHSA-2019-0250", "PHSA-2020-0153", "PHSA-2020-3.0-0153"]}, {"type": "redhat", "idList": ["RHSA-2021:2725", "RHSA-2021:2726", "RHSA-2021:3016", "RHSA-2021:3987"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-20934"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0075-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-20934"]}], "rev": 4}, "score": {"value": 5.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2021:2725"]}, {"type": "cve", "idList": ["CVE-2019-20934"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2021-2725.NASL", "EULEROS_SA-2020-2514.NASL", "EULEROS_SA-2021-1079.NASL", "OPENSUSE-2021-75.NASL", "ORACLELINUX_ELSA-2021-2725.NASL", "ORACLELINUX_ELSA-2021-9002.NASL", "ORACLEVM_OVMSA-2021-0001.NASL", "REDHAT-RHSA-2021-2725.NASL", "REDHAT-RHSA-2021-2726.NASL", "SL_20210721_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2020-3798-1.NASL", "SUSE_SU-2021-0098-1.NASL", "SUSE_SU-2021-0118-1.NASL", "SUSE_SU-2021-0133-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-2725", "ELSA-2021-9002"]}, {"type": "photon", "idList": ["PHSA-2020-3.0-0153"]}, {"type": "redhat", "idList": ["RHSA-2021:2725"]}, {"type": "redhatcve", "idList": ["RH:CVE-2019-20934"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0075-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2019-20934"]}]}, "exploitation": null, "vulnersScore": 5.1}, "_state": {"dependencies": 0, "score": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "linux_5.18.5-1_all.deb", "packageVersion": "5.18.5-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "linux_5.10.106-1_all.deb", "packageVersion": "5.10.106-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "linux_4.19.235-1_all.deb", "packageVersion": "4.19.235-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "linux_5.18.5-1_all.deb", "packageVersion": "5.18.5-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "linux_4.9.228-1_all.deb", "packageVersion": "4.9.228-1", "operator": "lt", "status": "resolved", "packageName": "linux"}]}

{"redhatcve": [{"lastseen": "2022-06-08T08:06:28", "description": "A flaw was found in the Linux kernel\u2019s implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability.\n#### Mitigation\n\nAs the NUMA features are built-in and enabled by default, the NUMA functionality can be disabled at boot time by providing the kernel parameter, numa=off. \n\n\nThe method of providing this parameter depends on the operating system version, see KCS article <https://access.redhat.com/solutions/23216>. \n\n\nDisabling this feature may have significant performance impacts and the administrator should consider if the performance penalty is a problem. \n\n\nIf you need further assistance, see KCS article <https://access.redhat.com/solutions/41278> or contact Red Hat Global Support Services. \n\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-11-30T17:29:24", "type": "redhatcve", "title": "CVE-2019-20934", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934"], "modified": "2022-06-08T06:46:25", "id": "RH:CVE-2019-20934", "href": "https://access.redhat.com/security/cve/cve-2019-20934", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}}], "veracode": [{"lastseen": "2022-06-04T16:40:10", "description": "Linux kernel is vulnerable to denial of service. Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed. A flaw was found in the Linux kernels implementation of displaying NUMA statistics, where displaying the scheduler statistics could trigger a use-after-free in show_numa_stats() and display the kernel memory to userspace. The highest threat from this vulnerability is to system availability.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2021-07-23T00:39:04", "type": "veracode", "title": "Denial Of Service ", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934"], "modified": "2022-04-19T18:41:30", "id": "VERACODE:31293", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-31293/summary", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T22:28:11", "description": "An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2020-11-28T07:15:00", "type": "cve", "title": "CVE-2019-20934", "cwe": ["CWE-416"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934"], "modified": "2021-01-12T13:49:00", "cpe": ["cpe:/o:linux:linux_kernel:5.2.17", "cpe:/o:linux:linux_kernel:5.3"], "id": "CVE-2019-20934", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20934", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:5.3:rc1:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.2.17:*:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2022-06-02T17:41:31", "description": "An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. ([CVE-2019-20934](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20934>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-06-02T16:51:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2019-20934", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 7.8, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934"], "modified": "2022-06-02T16:51:00", "id": "F5:K69232741", "href": "https://support.f5.com/csp/article/K69232741", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}}], "ubuntucve": [{"lastseen": "2021-11-22T21:24:11", "description": "An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems,\nthe Linux fair scheduler has a use-after-free in show_numa_stats() because\nNUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 4.2}, "published": "2020-11-28T00:00:00", "type": "ubuntucve", "title": "CVE-2019-20934", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 5.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 7.8, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934"], "modified": "2020-11-28T00:00:00", "id": "UB:CVE-2019-20934", "href": "https://ubuntu.com/security/CVE-2019-20934", "cvss": {"score": 5.4, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:C"}}], "nessus": [{"lastseen": "2022-05-10T17:45:42", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0014)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_core:kernel-sign-keys", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:perf-debuginfo", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_core:python-perf-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-sign-keys", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0014_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160850", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0014. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160850);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\"\n );\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : kernel Multiple Vulnerabilities (NS-SA-2022-0014)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka\n CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0014\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-20934\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33034\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11668\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-33034\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-sign-keys\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-core-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-debug-core-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-debug-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-modules-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.57.1012.ga0f80e7.lite'\n ],\n 'CGSL MAIN 5.04': [\n 'kernel-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-abi-whitelists-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-debug-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-debug-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-debug-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-debuginfo-common-x86_64-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-headers-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-sign-keys-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-tools-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-tools-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-tools-libs-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'kernel-tools-libs-devel-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'perf-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'python-perf-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98',\n 'python-perf-debuginfo-3.10.0-693.21.1.el7.cgslv5_4.55.1086.gd8e7f98'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 5.6, "vector": "AV:L/AC:L/Au:N/C:N/I:P/A:C"}}, {"lastseen": "2022-06-15T18:07:36", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2021:2725-1 advisory.\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-26T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-07-30T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"], "id": "SL_20210721_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/152089", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152089);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n script_xref(name:\"RHSA\", value:\"RHSA-2021:2725\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2021:2725)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2021:2725-1 advisory.\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20212725-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Scientific Linux' >!< release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.36.2.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T22:11:28", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-2725 advisory.\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2021-2725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-2725.NASL", "href": "https://www.tenable.com/plugins/nessus/151926", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-2725.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151926);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2021-2725)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-2725 advisory.\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka\n CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer\n allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an\n unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-2725.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.36.2.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-2725');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.36.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T18:08:22", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2726 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2021:2726)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2021-2726.NASL", "href": "https://www.tenable.com/plugins/nessus/151886", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2726. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151886);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2726\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2021:2726)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2726 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2726\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970273\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 416, 476, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-20934', 'CVE-2020-11668', 'CVE-2021-33033', 'CVE-2021-33034', 'CVE-2021-33909');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2726');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-devel-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-doc-3.10.0-1160.36.2.rt56.1179.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-kvm-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.36.2.rt56.1179.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T20:22:37", "description": "The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:2725 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "CentOS 7 : kernel (CESA-2021:2725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-07-30T00:00:00", "cpe": ["p-cpe:/a:centos:centos:bpftool", "p-cpe:/a:centos:centos:kernel", "p-cpe:/a:centos:centos:kernel-abi-whitelists", "p-cpe:/a:centos:centos:kernel-debug", "p-cpe:/a:centos:centos:kernel-debug-devel", "p-cpe:/a:centos:centos:kernel-devel", "p-cpe:/a:centos:centos:kernel-headers", "p-cpe:/a:centos:centos:kernel-tools", "p-cpe:/a:centos:centos:kernel-tools-libs", "p-cpe:/a:centos:centos:kernel-tools-libs-devel", "p-cpe:/a:centos:centos:perf", "p-cpe:/a:centos:centos:python-perf", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-2725.NASL", "href": "https://www.tenable.com/plugins/nessus/151979", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2725 and\n# CentOS Errata and Security Advisory 2021:2725 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151979);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2725\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"CentOS 7 : kernel (CESA-2021:2725)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2021:2725 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-July/048344.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?53b63f94\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 416, 476, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'bpftool-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.36.2.el7', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T16:43:53", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2725 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:2725)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-10-07T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-2725.NASL", "href": "https://www.tenable.com/plugins/nessus/151888", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:2725. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151888);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"RHSA\", value:\"2021:2725\");\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:2725)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:2725 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n - kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\n - kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n - kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/476.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/787.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:2725\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1824792\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1961305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1970273\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33909\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(20, 416, 476, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-20934', 'CVE-2020-11668', 'CVE-2021-33033', 'CVE-2021-33034', 'CVE-2021-33909');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:2725');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'bpftool-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.36.2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-devel-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-debug-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-devel-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-kdump-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-kdump-devel-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-tools-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-tools-libs-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'perf-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'python-perf-3.10.0-1160.36.2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'python-perf-3.10.0-1160.36.2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T16:47:35", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:3987 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)\n\n - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)\n\n - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)\n\n - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)\n\n - kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2021:3987)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-36385", "CVE-2021-22543", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-37576"], "modified": "2022-05-09T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.7", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_e4s:7.7", "cpe:/o:redhat:rhel_tus:7.7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2021-3987.NASL", "href": "https://www.tenable.com/plugins/nessus/154668", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:3987. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154668);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/09\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-36385\",\n \"CVE-2021-3653\",\n \"CVE-2021-3656\",\n \"CVE-2021-22543\",\n \"CVE-2021-37576\"\n );\n script_xref(name:\"RHSA\", value:\"2021:3987\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2021:3987)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:3987 advisory.\n\n - kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n - kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)\n\n - kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)\n\n - kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)\n\n - kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)\n\n - kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-20934\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-22543\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-37576\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:3987\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1902788\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1965461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1974319\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1983686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1983988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1986506\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-37576\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3656\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 119, 416, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'rhel_aus_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-aus-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_e4s_7_6_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_6__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_6__x86_64'\n ],\n 'rhel_e4s_7_7_server': [\n 'rhel-7-server-aus-debug-rpms',\n 'rhel-7-server-aus-optional-debug-rpms',\n 'rhel-7-server-aus-optional-rpms',\n 'rhel-7-server-aus-optional-source-rpms',\n 'rhel-7-server-aus-rpms',\n 'rhel-7-server-aus-source-rpms',\n 'rhel-7-server-e4s-debug-rpms',\n 'rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-debug-rpms',\n 'rhel-7-server-e4s-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-rpms',\n 'rhel-7-server-e4s-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-optional-source-rpms',\n 'rhel-7-server-e4s-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-rpms',\n 'rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-e4s-source-rpms',\n 'rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms',\n 'rhel-ha-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_e4s_7_7': [\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_extras_sap_hana_e4s_7_7': [\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms__7_DOT_7__x86_64',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms__7_DOT_7__x86_64'\n ],\n 'rhel_tus_7_7_server': [\n 'rhel-7-server-tus-debug-rpms',\n 'rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-debug-rpms',\n 'rhel-7-server-tus-optional-debug-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-rpms',\n 'rhel-7-server-tus-optional-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-optional-source-rpms',\n 'rhel-7-server-tus-optional-source-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-rpms',\n 'rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-7-server-tus-source-rpms',\n 'rhel-7-server-tus-source-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms',\n 'rhel-ha-for-rhel-7-server-tus-debug-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-rpms',\n 'rhel-ha-for-rhel-7-server-tus-rpms__7_DOT_7__x86_64',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms',\n 'rhel-ha-for-rhel-7-server-tus-source-rpms__7_DOT_7__x86_64'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2019-20934', 'CVE-2020-36385', 'CVE-2021-3653', 'CVE-2021-3656', 'CVE-2021-22543', 'CVE-2021-37576');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2021:3987');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-abi-whitelists-3.10.0-1062.59.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-debug-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-debug-devel-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-devel-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-headers-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-tools-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-tools-libs-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'kernel-tools-libs-devel-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'perf-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']},\n {'reference':'python-perf-3.10.0-1062.59.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['rhel_aus_7_7_server', 'rhel_e4s_7_6_server', 'rhel_e4s_7_7_server', 'rhel_extras_sap_e4s_7_7', 'rhel_extras_sap_hana_e4s_7_7', 'rhel_tus_7_7_server']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T16:59:54", "description": "The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by multiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the system or possibly escalate their privileges on the system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0040)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-18595", "CVE-2019-20934", "CVE-2020-11668", "CVE-2020-28374", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909", "CVE-2021-3612"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:bpftool", "p-cpe:/a:zte:cgsl_core:kernel", "p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_core:kernel-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-core", "p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debug-devel", "p-cpe:/a:zte:cgsl_core:kernel-debug-modules", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_core:kernel-devel", "p-cpe:/a:zte:cgsl_core:kernel-headers", "p-cpe:/a:zte:cgsl_core:kernel-modules", "p-cpe:/a:zte:cgsl_core:kernel-tools", "p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs", "p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_core:perf", "p-cpe:/a:zte:cgsl_core:perf-debuginfo", "p-cpe:/a:zte:cgsl_core:python-perf", "p-cpe:/a:zte:cgsl_core:python-perf-debuginfo", "p-cpe:/a:zte:cgsl_main:bpftool", "p-cpe:/a:zte:cgsl_main:kernel", "p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists", "p-cpe:/a:zte:cgsl_main:kernel-debug", "p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debug-devel", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64", "p-cpe:/a:zte:cgsl_main:kernel-devel", "p-cpe:/a:zte:cgsl_main:kernel-headers", "p-cpe:/a:zte:cgsl_main:kernel-tools", "p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs", "p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel", "p-cpe:/a:zte:cgsl_main:perf", "p-cpe:/a:zte:cgsl_main:perf-debuginfo", "p-cpe:/a:zte:cgsl_main:python-perf", "p-cpe:/a:zte:cgsl_main:python-perf-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0040_KERNEL.NASL", "href": "https://www.tenable.com/plugins/nessus/160815", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0040. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160815);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2017-18595\",\n \"CVE-2019-20934\",\n \"CVE-2020-11668\",\n \"CVE-2020-28374\",\n \"CVE-2021-3612\",\n \"CVE-2021-33033\",\n \"CVE-2021-33034\",\n \"CVE-2021-33909\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0350\");\n\n script_name(english:\"NewStart CGSL CORE 5.05 / MAIN 5.05 : kernel Multiple Vulnerabilities (NS-SA-2022-0040)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has kernel packages installed that are affected by\nmultiple vulnerabilities:\n\n - An issue was discovered in the Linux kernel before 4.14.11. A double free may be caused by the function\n allocate_trace_buffer in the file kernel/trace/trace.c. (CVE-2017-18595)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka\n CID-16d51a590a8c. (CVE-2019-20934)\n\n - In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandles invalid descriptors, aka CID-a246b4d54770. (CVE-2020-11668)\n\n - In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier checking\n in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal\n in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker\n has access to one iSCSI LUN. The attacker gains control over file access because I/O operations are\n proxied via an attacker-selected backstore. (CVE-2020-28374)\n\n - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because\n the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads\n to writing an arbitrary value. (CVE-2021-33033)\n\n - In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an\n hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. (CVE-2021-33034)\n\n - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer\n allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an\n unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)\n\n - An out-of-bounds memory write flaw was found in the Linux kernel's joystick devices subsystem in versions\n before 5.9-rc1, in the way the user calls ioctl JSIOCSBTNMAP. This flaw allows a local user to crash the\n system or possibly escalate their privileges on the system. The highest threat from this vulnerability is\n to confidentiality, integrity, as well as system availability. (CVE-2021-3612)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0040\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2017-18595\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-20934\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-11668\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2020-28374\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33033\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33034\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-33909\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3612\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL kernel packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3612\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/09/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.05\" &&\n release !~ \"CGSL MAIN 5.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.05 / NewStart CGSL MAIN 5.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-core-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-debug-core-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-debug-modules-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-modules-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite',\n 'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.19.318.g3b87fe1.lite'\n ],\n 'CGSL MAIN 5.05': [\n 'bpftool-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-abi-whitelists-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-debug-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-debug-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-debug-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-debuginfo-common-x86_64-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-headers-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-tools-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-tools-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-tools-libs-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'kernel-tools-libs-devel-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'perf-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'python-perf-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d',\n 'python-perf-debuginfo-3.10.0-957.27.2.el7.cgslv5_5.20.382.g95b322d'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-19T00:43:31", "description": "The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-15T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-4788"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-base", "p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3798-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144259", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3798-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144259);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-20934\", \"CVE-2020-15436\", \"CVE-2020-15437\", \"CVE-2020-25669\", \"CVE-2020-27777\", \"CVE-2020-27786\", \"CVE-2020-28915\", \"CVE-2020-28974\", \"CVE-2020-29371\", \"CVE-2020-4788\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2020:3798-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 15-SP1 RT kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-27777: Restrict RTAS requests from userspace (bsc#1179107)\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel, aka CID-3c4e0dff2095 (bsc#1178589).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050549\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1067665\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170139\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170630\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175916\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176109\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177805\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177808\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177819\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177820\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178669\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178853\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178854\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178878\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178897\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178940\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178962\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179211\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179213\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179259\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179424\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179426\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179427\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20934/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15437/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27786/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28915/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28974/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-4788/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203798-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?84d49865\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP1-2020-3798=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-base-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"kernel-syms-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-4.12.14-14.44.2\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-4.12.14-14.44.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:07", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-15436", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-4788"], "modified": "2021-01-15T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0098-1.NASL", "href": "https://www.tenable.com/plugins/nessus/144914", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0098-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144914);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/15\");\n\n script_cve_id(\"CVE-2018-20669\", \"CVE-2019-20934\", \"CVE-2020-0444\", \"CVE-2020-0465\", \"CVE-2020-0466\", \"CVE-2020-15436\", \"CVE-2020-27068\", \"CVE-2020-27777\", \"CVE-2020-27786\", \"CVE-2020-27825\", \"CVE-2020-29371\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-4788\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0098-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2018-20669/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-20934/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0444/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0465/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0466/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15436/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27068/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27777/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27786/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27825/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29371/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29661/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-4788/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210098-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b07b6a77\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-98=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.41.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.41.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:52:41", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. (CVE-2019-20934)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power. (CVE-2020-12652)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-11T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2021-0001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14895", "CVE-2019-19037", "CVE-2019-19447", "CVE-2019-20934", "CVE-2020-10711", "CVE-2020-12464", "CVE-2020-12652", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-28915", "CVE-2020-28974"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2021-0001.NASL", "href": "https://www.tenable.com/plugins/nessus/144837", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2021-0001.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144837);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-14895\",\n \"CVE-2019-19037\",\n \"CVE-2019-19447\",\n \"CVE-2019-20934\",\n \"CVE-2020-10711\",\n \"CVE-2020-12464\",\n \"CVE-2020-12652\",\n \"CVE-2020-14305\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-25668\",\n \"CVE-2020-25705\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\"\n );\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2021-0001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection\n negotiation during the handling of the remote devices country settings. This could allow the remote device\n to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference\n because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka\n CID-16d51a590a8c. (CVE-2019-20934)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into\n the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO\n restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate\n that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer\n dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network\n user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because\n a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows\n local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a\n double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this\n bug is not as bad as it could have been because these operations are all privileged and root already has\n enormous destructive power. (CVE-2020-12652)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly\n synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-14895.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-19037.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-19447.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2019-20934.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-10711.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-12464.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-12652.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-14305.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-14351.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-15436.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-25668.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-25705.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-28915.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2020-28974.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2021-0001.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.46.3.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2021-0001');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.46.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.46.3.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-06-16T14:51:07", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9002 advisory.\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power. (CVE-2020-12652)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. (CVE-2019-19447)\n\n - ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernels Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. (CVE-2019-20934)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version (CVE-2020-25705)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-07T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9002)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-14895", "CVE-2019-19037", "CVE-2019-19447", "CVE-2019-20934", "CVE-2020-10711", "CVE-2020-12464", "CVE-2020-12652", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-28915", "CVE-2020-28974"], "modified": "2022-05-11T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9002.NASL", "href": "https://www.tenable.com/plugins/nessus/144802", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9002.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144802);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-14895\",\n \"CVE-2019-19037\",\n \"CVE-2019-19447\",\n \"CVE-2019-20934\",\n \"CVE-2020-10711\",\n \"CVE-2020-12464\",\n \"CVE-2020-12652\",\n \"CVE-2020-14305\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-25668\",\n \"CVE-2020-25705\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9002)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9002 advisory.\n\n - A heap-based buffer overflow was discovered in the Linux kernel, all versions 3.x.x and 4.x.x before\n 4.18.0, in Marvell WiFi chip driver. The flaw could occur when the station attempts a connection\n negotiation during the handling of the remote devices country settings. This could allow the remote device\n to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2019-14895)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7.\n This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into\n the SELinux extensible bitmap via the' ebitmap_netlbl_import' routine. While processing the CIPSO\n restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate\n that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer\n dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network\n user to crash the system kernel, resulting in a denial of service. (CVE-2020-10711)\n\n - usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because\n a transfer occurs without a reference, aka CID-056ad39ee925. (CVE-2020-12464)\n\n - The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows\n local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a\n double fetch vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states The security impact of this\n bug is not as bad as it could have been because these operations are all privileged and root already has\n enormous destructive power. (CVE-2020-12652)\n\n - In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and\n unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list\n in fs/ext4/super.c. (CVE-2019-19447)\n\n - ext4_empty_dir in fs/ext4/namei.c in the Linux kernel through 5.3.12 allows a NULL pointer dereference\n because ext4_read_dirblock(inode,0,DIRENT_HTREE) can be zero. (CVE-2019-19037)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernels Voice Over IP H.323 connection\n tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote\n user to crash the system, causing a denial of service. The highest threat from this vulnerability is to\n confidentiality, integrity, as well as system availability. (CVE-2020-14305)\n\n - A flaw was found in Linux Kernel because access to the global variable fg_console is not properly\n synchronized leading to a use after free in con_font_op. (CVE-2020-25668)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka CID-6735b4632def. (CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to\n read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height. (CVE-2020-28974)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka\n CID-16d51a590a8c. (CVE-2019-20934)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging improper access to a certain error field.\n (CVE-2020-15436)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem\n allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2020-14351)\n\n - A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw\n allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that\n relies on UDP source port randomization are indirectly affected as well on the Linux Based Products\n (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4,\n SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE\n W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All\n versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7\n LTE EU: Version (CVE-2020-25705)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9002.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-14895\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.46.3.el6uek', '4.1.12-124.46.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9002');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.46.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.46.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.46.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.46.3.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.46.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.46.3.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.46.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.46.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.46.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.46.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.46.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.46.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-06-16T14:52:41", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0133-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145120", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0133-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145120);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0133-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a LIO security issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2018-20669: Fixed an improper check i915_gem_execbuffer2_ioctl in\ndrivers/gpu/drm/i915/i915_gem_execbuffer.c (bsc#1122971).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1114648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1122971\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179421\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210133-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b2ee691\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-133=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-133=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-133=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.57.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.57.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:38", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c (bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem snd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-01-15T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-20669", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0118-1.NASL", "href": "https://www.tenable.com/plugins/nessus/145018", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0118-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145018);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2018-20669\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0118-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed, aka CID-16d51a590a8c\n(bsc#1179663).\n\nCVE-2020-27786: Fixed a use after free in kernel midi subsystem\nsnd_rawmidi_kernel_read1() (bsc#1179601).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050242\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050536\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1050545\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1056787\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1064802\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1066129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104393\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1110096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1136461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-20669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210118-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3fabc347\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP1-2021-118=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2021-118=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-118=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-28374\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.78.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.78.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:53:07", "description": "The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable (bnc#1179508).\n\n - CVE-2020-29569: The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback (bnc#1179509).\n\n - CVE-2020-25639: Bail out of nouveau_channel_new if channel init fails (bsc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient identifier checking in the LIO SCSI target code can be used by remote attackers to read or write files via directory traversal in an XCOPY request, aka CID-2896c93811e3. For example, an attack can occur over a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O operations are proxied via an attacker-selected backstore (bnc#1178372 1180676).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in kernel/trace/ring_buffer.c. There was a race problem in trace_open and resize of cpu buffer running parallely on different cpus, may cause a denial of service problem (DOS). This flaw could even allow a local attacker with special user privilege to a kernel information leak threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not required for exploitation (bnc#1180086).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180029).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1180027).\n\n - CVE-2020-29660: A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745).\n\n - CVE-2020-29661: A locking issue was discovered in the tty subsystem of the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745).\n\n - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel (bnc#1179107).\n\n - CVE-2020-11668: In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandled invalid descriptors, aka CID-a246b4d54770 (bnc#1168952).\n\n - CVE-2019-20934: An issue was discovered in the Linux kernel On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c (bnc#1179663).\n\n - CVE-2020-27786: A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation (bnc#1179601).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID: 189296 (bnc#1177666).\n\nThe following non-security bugs were fixed :\n\n - ACPI: PNP: compare the string length in the matching_id() (git-fixes).\n\n - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1 (git-fixes).\n\n - ACPICA: Do not increment operation_region reference counts for field units (git-fixes).\n\n - ALSA: ca0106: fix error code handling (git-fixes).\n\n - ALSA: ctl: allow TLV read operation for callback type of element in locked case (git-fixes).\n\n - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO (git-fixes).\n\n - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).\n\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).\n\n - ALSA: hda/generic: Add option to enforce preferred_dacs pairs (git-fixes).\n\n - ALSA: hda/hdmi: always check pin power status in i915 pin fixup (git-fixes).\n\n - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).\n\n - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255 (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation P520 (git-fixes).\n\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (git-fixes).\n\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).\n\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table (git-fixes).\n\n - ALSA: hda: Fix potential race in unsol event handler (git-fixes).\n\n - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).\n\n - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).\n\n - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).\n\n - ALSA: line6: Perform sanity check for each URB creation (git-fixes).\n\n - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).\n\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n\n - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).\n\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check (git-fixes).\n\n - ALSA: timer: Limit max amount of slave instances (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha S (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight S (git-fixes).\n\n - ALSA: usb-audio: Disable sample read check if firmware does not give back (git-fixes).\n\n - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).\n\n - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (git-fixes).\n\n - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).\n\n - ALSA: usb-audio: Fix race against the error recovery URB submission (git-fixes).\n\n - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).\n\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).\n\n - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices (git-fixes).\n\n - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).\n\n - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams (git-fixes).\n\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed (git-fixes).\n\n - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).\n\n - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).\n\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n\n - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).\n\n - ASoC: sti: fix possible sleep-in-atomic (git-fixes).\n\n - ASoC: wm8904: fix regcache handling (git-fixes).\n\n - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).\n\n - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).\n\n - ASoC: wm_adsp: remove 'ctl' from list on error in wm_adsp_create_control() (git-fixes).\n\n - Avoid a GCC warning about '/*' within a comment.\n\n - Bluetooth: Fix advertising duplicated flags (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in hci_event_packet() (git-fixes).\n\n - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt() (git-fixes).\n\n - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).\n\n - Bluetooth: btusb: Fix detection of some fake CSR controllers with a bcdDevice val of 0x0134 (git-fixes).\n\n - Drop a backported uvcvideo patch that caused a regression (bsc#1180117) Also blacklisting the commit\n\n - EDAC/amd64: Fix PCI component registration (bsc#1112178).\n\n - HID: Add another Primax PIXART OEM mouse quirk (git-fixes).\n\n - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).\n\n - HID: Improve Windows Precision Touchpad detection (git-fixes).\n\n - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).\n\n - HID: core: Correctly handle ReportSize being zero (git-fixes).\n\n - HID: core: check whether Usage Page item is after Usage ID items (git-fixes).\n\n - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).\n\n - HID: hid-sensor-hub: Fix issue with devices with no report ID (git-fixes).\n\n - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring() (git-fixes).\n\n - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors (git-fixes).\n\n - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller() (git-fixes).\n\n - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).\n\n - Input: ads7846 - fix race that causes missing releases (git-fixes).\n\n - Input: ads7846 - fix unaligned access on 7845 (git-fixes).\n\n - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).\n\n - Input: cm109 - do not stomp on control URB (git-fixes).\n\n - Input: cros_ec_keyb - send 'scancodes' in addition to key events (git-fixes).\n\n - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).\n\n - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet (git-fixes).\n\n - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).\n\n - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).\n\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists (git-fixes).\n\n - Input: i8042 - allow insmod to succeed on devices without an i8042 controller (git-fixes).\n\n - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).\n\n - Input: omap4-keypad - fix runtime PM error handling (git-fixes).\n\n - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen (git-fixes).\n\n - Input: trackpoint - add new trackpoint variant IDs (git-fixes).\n\n - Input: trackpoint - enable Synaptics trackpoints (git-fixes).\n\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n\n - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (bsc#1112178).\n\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).\n\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n\n - NFSv4.2: fix client's attribute cache management for copy_file_range (git-fixes).\n\n - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (git-fixes).\n\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).\n\n - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge (git-fixes).\n\n - PCI: Do not disable decoding when mmio_always_on is set (git-fixes).\n\n - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).\n\n - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation (git-fixes).\n\n - PM: ACPI: Output correct message on target power state (git-fixes).\n\n - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in software_resume() (git-fixes).\n\n - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources walks' (git-fixes).\n\n - Revert 'ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A PRO' (git-fixes).\n\n - Revert 'PM / devfreq: Modify the device name as devfreq(X) for sysfs' (git-fixes).\n\n - Revert 'device property: Keep secondary firmware node secondary by type' (git-fixes).\n\n - Revert 'platform/x86: wmi: Destroy on cleanup rather than unregister' (git-fixes).\n\n - Revert 'powerpc/pseries/hotplug-cpu: Remove double free in error path' (bsc#1065729).\n\n - Revert 'serial: amba-pl011: Make sure we initialize the port.lock spinlock' (git-fixes).\n\n - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).\n\n - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).\n\n - SMB3: Honor lease disabling for multiuser mounts (git-fixes).\n\n - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (git-fixes).\n\n - SUNRPC: The RDMA back channel mustn't disappear while requests are outstanding (git-fixes).\n\n - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).\n\n - USB: Skip endpoints with 0 maxpacket length (git-fixes).\n\n - USB: UAS: introduce a quirk to set no_write_same (git-fixes).\n\n - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).\n\n - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).\n\n - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).\n\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).\n\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).\n\n - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).\n\n - USB: ldusb: use unsigned size format specifiers (git-fixes).\n\n - USB: serial: ch341: add new Product ID for CH341A (git-fixes).\n\n - USB: serial: ch341: sort device-id entries (git-fixes).\n\n - USB: serial: digi_acceleport: clean up modem-control handling (git-fixes).\n\n - USB: serial: digi_acceleport: clean up set_termios (git-fixes).\n\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).\n\n - USB: serial: digi_acceleport: remove in_interrupt() usage.\n\n - USB: serial: digi_acceleport: remove redundant assignment to pointer priv (git-fixes).\n\n - USB: serial: digi_acceleport: rename tty flag variable (git-fixes).\n\n - USB: serial: digi_acceleport: use irqsave() in USB's complete callback (git-fixes).\n\n - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).\n\n - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).\n\n - USB: serial: keyspan_pda: fix stalled writes (git-fixes).\n\n - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).\n\n - USB: serial: keyspan_pda: fix write deadlock (git-fixes).\n\n - USB: serial: keyspan_pda: fix write unthrottling (git-fixes).\n\n - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open (git-fixes).\n\n - USB: serial: mos7720: fix parallel-port state restore (git-fixes).\n\n - USB: serial: option: add Fibocom NL668 variants (git-fixes).\n\n - USB: serial: option: add interface-number sanity check to flag handling (git-fixes).\n\n - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes).\n\n - USB: serial: option: fix Quectel BG96 matching (git-fixes).\n\n - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk set (git-fixes).\n\n - USB: yurex: fix control-URB timeout handling (git-fixes).\n\n - ata/libata: Fix usage of page address by page_address in ata_scsi_mode_select_xlat function (git-fixes).\n\n - ath10k: Fix an error handling path (git-fixes).\n\n - ath10k: Release some resources in an error handling path (git-fixes).\n\n - ath10k: Remove msdu from idr when management pkt send fails (git-fixes).\n\n - ath10k: fix backtrace on coredump (git-fixes).\n\n - ath10k: fix get invalid tx rate for Mesh metric (git-fixes).\n\n - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq (git-fixes).\n\n - ath6kl: fix enum-conversion warning (git-fixes).\n\n - ath9k_htc: Discard undersized packets (git-fixes).\n\n - ath9k_htc: Modify byte order for an error message (git-fixes).\n\n - ath9k_htc: Silence undersized packet warnings (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: lp855x: Ensure regulators are disabled on probe failure (git-fixes).\n\n - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).\n\n - btrfs: fix use-after-free on readahead extent after failure to create it (bsc#1179963).\n\n - btrfs: qgroup: do not commit transaction when we already hold the handle (bsc#1178634).\n\n - btrfs: qgroup: do not try to wait flushing if we're already holding a transaction (bsc#1179575).\n\n - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).\n\n - bus: fsl-mc: fix error return code in fsl_mc_object_allocate() (git-fixes).\n\n - can: mcp251x: add error check when wq alloc failed (git-fixes).\n\n - can: softing: softing_netdev_open(): fix error handling (git-fixes).\n\n - cfg80211: initialize rekey_data (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n\n - cifs: allow syscalls to be restarted in\n __smb_send_rqst() (bsc#1176956).\n\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n\n - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).\n\n - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n\n - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).\n\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).\n\n - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).\n\n - clk: qcom: msm8916: Fix the address location of pll->config_reg (git-fixes).\n\n - clk: s2mps11: Fix a resource leak in error handling paths in the probe function (git-fixes).\n\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1 (git-fixes).\n\n - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).\n\n - clk: tegra: Fix Tegra PMC clock out parents (git-fixes).\n\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n\n - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).\n\n - clk: ti: composite: fix memory leak (git-fixes).\n\n - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).\n\n - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).\n\n - coredump: fix core_pattern parse error (git-fixes).\n\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).\n\n - crypto: af_alg - avoid undefined behavior accessing salg_name (git-fixes).\n\n - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe (git-fixes).\n\n - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).\n\n - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).\n\n - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common (git-fixes).\n\n - dmaengine: xilinx_dma: check dma_async_device_register return value (git-fixes).\n\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).\n\n - docs: Fix reST markup when linking to sections (git-fixes).\n\n - drivers: base: Fix NULL pointer exception in\n __platform_driver_probe() if a driver developer is foolish (git-fixes).\n\n - drivers: soc: ti: knav_qmss_queue: Fix error return code in knav_queue_probe (git-fixes).\n\n - drm/amd/display: remove useless if/else (git-fixes).\n\n - drm/amdgpu: fix build_coefficients() argument (git-fixes).\n\n - drm/dp_aux_dev: check aux_dev before use in drm_dp_aux_dev_get_by_minor() (git-fixes).\n\n - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (bsc#1129770)\n\n - drm/gma500: fix double free of gma_connector (git-fixes).\n\n - drm/meson: dw-hdmi: Register a callback to disable the regulator (git-fixes).\n\n - drm/msm/dpu: Add newline to printks (git-fixes).\n\n - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n\n - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe() (git-fixes).\n\n - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n\n - epoll: Keep a reference on files added to the check list (bsc#1180031).\n\n - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n\n - ext4: correctly report 'not supported' for (usr,grp)jquota when !CONFIG_QUOTA (bsc#1179672).\n\n - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).\n\n - ext4: fix error handling code in add_new_gdb (bsc#1179722).\n\n - ext4: fix invalid inode checksum (bsc#1179723).\n\n - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).\n\n - ext4: limit entries returned when counting fsmap records (bsc#1179671).\n\n - ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (bsc#1179673).\n\n - extcon: max77693: Fix modalias string (git-fixes).\n\n - fbcon: Fix user font detection test at fbcon_resize().\n (bsc#1112178)\n\n - fbcon: Remove the superfluous break (bsc#1129770)\n\n - firmware: qcom: scm: Ensure 'a0' status code is treated as signed (git-fixes).\n\n - fix regression in 'epoll: Keep a reference on files added to the check list' (bsc#1180031, git-fixes).\n\n - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).\n\n - fs: Do not invalidate page buffers in block_write_full_page() (bsc#1179711).\n\n - geneve: change from tx_error to tx_dropped on missing metadata (git-fixes).\n\n - genirq/irqdomain: Add an irq_create_mapping_affinity() function (bsc#1065729).\n\n - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).\n\n - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in grgpio_irq_map/unmap() (git-fixes).\n\n - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).\n\n - gpio: max77620: Fixup debounce delays (git-fixes).\n\n - gpio: max77620: Use correct unit for debounce times (git-fixes).\n\n - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).\n\n - gpio: mvebu: fix potential user-after-free on probe (git-fixes).\n\n - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk (git-fixes).\n\n - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option (git-fixes).\n\n - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table (git-fixes).\n\n - gpiolib: fix up emulated open drain outputs (git-fixes).\n\n - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).\n\n - hwmon: (jc42) Fix name to have no illegal characters (git-fixes).\n\n - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).\n\n - i2c: i801: Fix resume bug (git-fixes).\n\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets (git-fixes).\n\n - i2c: pxa: clear all master action bits in i2c_pxa_stop_message() (git-fixes).\n\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).\n\n - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (git-fixes).\n\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).\n\n - ibmvnic: continue fatal error reset after passive init (bsc#1171078 ltc#184239 git-fixes).\n\n - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098 git-fixes).\n\n - ibmvnic: enhance resetting status check during module exit (bsc#1065729).\n\n - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).\n\n - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431 ltc#171853 git-fixes).\n\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231 git-fixes).\n\n - ibmvnic: notify peers when failover and migration happen (bsc#1044120 ltc#155423 git-fixes).\n\n - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432 git-fixes).\n\n - iio: adc: max1027: Reset the device at probe time (git-fixes).\n\n - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error in rockchip_saradc_resume (git-fixes).\n\n - iio: bmp280: fix compensation of humidity (git-fixes).\n\n - iio: buffer: Fix demux update (git-fixes).\n\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw() (git-fixes).\n\n - iio: fix center temperature of bmc150-accel-core (git-fixes).\n\n - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting (git-fixes).\n\n - iio: light: bh1750: Resolve compiler warning and make code more readable (git-fixes).\n\n - iio: srf04: fix wrong limitation in distance measuring (git-fixes).\n\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n\n - iio:pressure:mpl3115: Force alignment of buffer (git-fixes).\n\n - inet_ecn: Fix endianness of checksum update when setting ECT(1) (git-fixes).\n\n - ipw2x00: Fix -Wcast-function-type (git-fixes).\n\n - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path (git-fixes).\n\n - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).\n\n - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).\n\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n\n - kABI fix for g2d (git-fixes).\n\n - kABI workaround for HD-audio generic parser (git-fixes).\n\n - kABI workaround for dsa/b53 changes (git-fixes).\n\n - kABI workaround for net/ipvlan changes (git-fixes).\n\n - kABI: ath10k: move a new structure member to the end (git-fixes).\n\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop symlinks (bsc#1179082)\n\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n\n - mac80211: Check port authorization in the ieee80211_tx_dequeue() case (git-fixes).\n\n - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).\n\n - mac80211: do not set set TDLS STA bandwidth wider than possible (git-fixes).\n\n - mac80211: fix authentication with iwlwifi/mvm (git-fixes).\n\n - mac80211: fix use of skb payload instead of header (git-fixes).\n\n - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).\n\n - matroxfb: avoid -Warray-bounds warning (git-fixes).\n\n - md-cluster: fix rmmod issue when md_cluster convert bitmap to none (bsc#1163727).\n\n - md-cluster: fix safemode_delay value when converting to clustered bitmap (bsc#1163727).\n\n - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).\n\n - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).\n\n - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).\n\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).\n\n - md/cluster: block reshape with remote resync job (bsc#1163727).\n\n - md/cluster: fix deadlock when node is doing resync job (bsc#1163727).\n\n - md/raid5: fix oops during stripe resizing (git-fixes).\n\n - media: am437x-vpfe: Setting STD to current value is not an error (git-fixes).\n\n - media: cec-funcs.h: add status_req checks (git-fixes).\n\n - media: cx88: Fix some error handling path in 'cx8800_initdev()' (git-fixes).\n\n - media: gp8psk: initialize stats at power control logic (git-fixes).\n\n - media: gspca: Fix memory leak in probe (git-fixes).\n\n - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).\n\n - media: i2c: ov2659: Fix missing 720p register config (git-fixes).\n\n - media: i2c: ov2659: fix s_stream return value (git-fixes).\n\n - media: msi2500: assign SPI bus number dynamically (git-fixes).\n\n - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in mtk_vcodec_release_dec_pm() (git-fixes).\n\n - media: platform: add missing put_device() call in mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).\n\n - media: pvrusb2: Fix oops on tear-down when radio support is not present (git-fixes).\n\n - media: s5p-g2d: Fix a memory leak in an error handling path in 'g2d_probe()' (git-fixes).\n\n - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).\n\n - media: si470x-i2c: add missed operations in remove (git-fixes).\n\n - media: siano: fix memory leak of debugfs members in smsdvb_hotplug (git-fixes).\n\n - media: solo6x10: fix missing snd_card_free in error handling case (git-fixes).\n\n - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in bdisp_device_run() (git-fixes).\n\n - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).\n\n - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).\n\n - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort cases (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence number (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid sizeimage (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel format (git-fixes).\n\n - media: uvcvideo: Set media controller entity functions (git-fixes).\n\n - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).\n\n - media: v4l2-async: Fix trivial documentation typo (git-fixes).\n\n - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).\n\n - media: v4l2-device.h: Explicitly compare grp(id,mask) to zero in v4l2_device macros (git-fixes).\n\n - mei: bus: do not clean driver pointer (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n\n - memstick: fix a double-free bug in memstick_check (git-fixes).\n\n - memstick: r592: Fix error return in r592_probe() (git-fixes).\n\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n\n - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).\n\n - misc: vmw_vmci: fix kernel info-leak by initializing dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).\n\n - mm,memory_failure: always pin the page in madvise_inject_error (bsc#1180258).\n\n - mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (bsc#1179204).\n\n - mm: do not wake kswapd prematurely when watermark boosting is disabled (git fixes (mm/vmscan)).\n\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).\n\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n\n - net/x25: prevent a couple of overflows (bsc#1178590).\n\n - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).\n\n - net: aquantia: fix LRO with FCS error (git-fixes).\n\n - net: bcmgenet: reapply manual settings to the PHY (git-fixes).\n\n - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe() (git-fixes).\n\n - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan() (git-fixes).\n\n - net: dsa: b53: Ensure the default VID is untagged (git-fixes).\n\n - net: dsa: b53: Fix default VLAN ID (git-fixes).\n\n - net: dsa: b53: Properly account for VLAN filtering (git-fixes).\n\n - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).\n\n - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend() (git-fixes).\n\n - net: dsa: qca8k: remove leftover phy accessors (git-fixes).\n\n - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse() (git-fixes).\n\n - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes).\n\n - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).\n\n - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).\n\n - net: macb: add missing barriers when reading descriptors (git-fixes).\n\n - net: macb: fix dropped RX frames due to a race (git-fixes).\n\n - net: macb: fix error format in dev_err() (git-fixes).\n\n - net: macb: fix random memory corruption on RX with 64-bit DMA (git-fixes). - blacklist.conf :\n\n - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).\n\n - net: phy: Avoid multiple suspends (git-fixes).\n\n - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).\n\n - net: phy: micrel: make sure the factory test bit is cleared (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi (git-fixes).\n\n - net: seeq: Fix the function used to release some memory in an error handling path (git-fixes).\n\n - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).\n\n - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).\n\n - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).\n\n - net: stmmac: Fix reception of Broadcom switches tags (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).\n\n - net: stmmac: fix csr_clk can't be zero issue (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string (git-fixes).\n\n - net: stmmac: gmac4+: Not all Unicast addresses may be available (git-fixes).\n\n - net: usb: sr9800: fix uninitialized local variable (git-fixes).\n\n - net:ethernet:aquantia: Extra spinlocks removed (git-fixes).\n\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n\n - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame (git-fixes).\n\n - ocfs2: fix unbalanced locking (bsc#1180506).\n\n - ocfs2: initialize ip_next_orphan (bsc#1179724).\n\n - orinoco: Move context allocation after processing the skb (git-fixes).\n\n - pNFS/flexfiles: Fix list corruption if the mirror count changes (git-fixes).\n\n - parport: load lowlevel driver if ports not found (git-fixes).\n\n - phy: Revert toggling reset changes (git-fixes).\n\n - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler() (git-fixes).\n\n - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).\n\n - pinctrl: amd: remove debounce filter setting in IRQ type setting (git-fixes).\n\n - pinctrl: baytrail: Avoid clearing debounce value when turning it off (git-fixes).\n\n - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe() (git-fixes).\n\n - pinctrl: merrifield: Set default bias in case no particular value given (git-fixes).\n\n - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).\n\n - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (git-fixes).\n\n - platform/x86: dell-smbios-base: Fix error return code in dell_smbios_init (git-fixes).\n\n - platform/x86: mlx-platform: Fix item counter assignment for MSN2700, MSN24xx systems (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from default platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: remove an unused variable (git-fixes).\n\n - power: supply: bq24190_charger: fix reference leak (git-fixes).\n\n - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).\n\n - powerpc/64: Set up a kernel stack for secondaries before cpu_restore() (bsc#1065729).\n\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels (bsc#1179888 ltc#190253).\n\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n\n - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).\n\n - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145 ltc#184630).\n\n - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900 ltc#189284).\n\n - powerpc/perf: Fix crash with is_sier_available when pmu is not set (bsc#1179578 ltc#189313).\n\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900 ltc#189284 git-fixes).\n\n - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).\n\n - powerpc/pseries/hibernation: remove redundant cacheinfo update (bsc#1138374 ltc#178199 git-fixes).\n\n - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).\n\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067 git-fixes).\n\n - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).\n\n - powerpc: Convert to using %pOF instead of full_name (bsc#1172145 ltc#184630).\n\n - powerpc: Fix incorrect stw(, ux, u, x) instructions in\n __set_pte_at (bsc#1065729).\n\n - ppp: remove the PPPIOCDETACH ioctl (git-fixes).\n\n - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).\n\n - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).\n\n - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).\n\n - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).\n\n - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace event (git-fixes).\n\n - regmap: debugfs: check count when read regmap file (git-fixes).\n\n - regmap: dev_get_regmap_match(): fix string comparison (git-fixes).\n\n - regulator: max8907: Fix the usage of uninitialized variable in max8907_regulator_probe() (git-fixes).\n\n - regulator: pfuze100-regulator: Variable 'val' in pfuze100_regulator_probe() could be uninitialized (git-fixes).\n\n - regulator: ti-abb: Fix timeout in ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).\n\n - reiserfs: Fix oops during mount (bsc#1179715).\n\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n\n - remoteproc: Fix wrong rvring index computation (git-fixes).\n\n - rfkill: Fix incorrect check to avoid NULL pointer dereference (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045) \n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).\n\n - rtc: 88pm860x: fix possible race condition (git-fixes).\n\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n\n - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot (git-fixes).\n\n - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpuinfo: show processor physical address (git-fixes).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n\n - s390/dasd: fix hanging device offline processing (bsc#1144912).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests (git-fixes).\n\n - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).\n\n - s390/qeth: fix af_iucv notification race (git-fixes).\n\n - s390/qeth: fix tear down of async TX buffers (git-fixes).\n\n - s390/qeth: make af_iucv TX notification call more robust (git-fixes).\n\n - s390/stp: add locking to sysfs functions (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: Remove unneeded break statements (bsc#1164780).\n\n - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049, git-fixes).\n\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI path to use common I/O submission path (bsc#1164780).\n\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers (bsc#1164780).\n\n - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).\n\n - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req() (bsc#1164780).\n\n - scsi: lpfc: Enable common send_io interface for SCSI and NVMe (bsc#1164780).\n\n - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe (bsc#1164780).\n\n - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).\n\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional events (bsc#1164780).\n\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).\n\n - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).\n\n - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).\n\n - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc() (bsc#1164780).\n\n - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe() (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi() (bsc#1164780).\n\n - scsi: lpfc: Fix pointer defereference before it is null checked issue (bsc#1164780).\n\n - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs (bsc#1164780).\n\n - scsi: lpfc: Fix removal of SCSI transport device get and put on dev structure (bsc#1164780).\n\n - scsi: lpfc: Fix scheduling call while in softirq context in lpfc_unreg_rpi (bsc#1164780).\n\n - scsi: lpfc: Fix set but not used warnings from Rework remote port lock handling (bsc#1164780).\n\n - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler() (bsc#1164780).\n\n - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't' (bsc#1164780).\n\n - scsi: lpfc: Fix variable 'vport' set but not used in lpfc_sli4_abts_err_handler() (bsc#1164780).\n\n - scsi: lpfc: Refactor WQE structure definitions for common use (bsc#1164780).\n\n - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).\n\n - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).\n\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails (bsc#1164780).\n\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).\n\n - scsi: lpfc: Remove unneeded variable 'status' in lpfc_fcp_cpu_map_store() (bsc#1164780).\n\n - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).\n\n - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).\n\n - scsi: lpfc: Rework remote port lock handling (bsc#1164780).\n\n - scsi: lpfc: Rework remote port ref counting and node freeing (bsc#1164780).\n\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while dropping it (bsc#1164780).\n\n - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).\n\n - scsi: lpfc: Use generic power management (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours (bsc#1164780).\n\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues (bsc#1164780).\n\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues (bsc#1164780).\n\n - scsi: qla2xxx: Change post del message from debug level to log level (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not check for fw_started while posting NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix FW initialization error on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix crash during driver load on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove trailing semicolon in macro definition (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).\n\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (git-fixes).\n\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n\n - serial: amba-pl011: Make sure we initialize the port.lock spinlock (git-fixes).\n\n - serial: ar933x_uart: set UART_CS_(RX,TX)_READY_ORIDE (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (git-fixes).\n\n - serial_core: Check for port state when tty is in error state (git-fixes).\n\n - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).\n\n - soc: imx: gpc: fix power up sequencing (git-fixes).\n\n - soc: mediatek: Check if power domains can be powered on at boot time (git-fixes).\n\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).\n\n - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).\n\n - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).\n\n - spi: Add call to spi_slave_abort() function when spidev driver is released (git-fixes).\n\n - spi: Fix memory leak on splited transfers (git-fixes).\n\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in bcm63xx_hsspi_resume (git-fixes).\n\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n\n - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).\n\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n\n - spi: dw: Return any value retrieved from the dma_transfer callback (git-fixes).\n\n - spi: img-spfi: fix potential double release (git-fixes).\n\n - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).\n\n - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).\n\n - spi: pxa2xx: Add missed security checks (git-fixes).\n\n - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).\n\n - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).\n\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).\n\n - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).\n\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).\n\n - spi: spidev: fix a potential use-after-free in spidev_release() (git-fixes).\n\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path (git-fixes).\n\n - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).\n\n - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).\n\n - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume (git-fixes).\n\n - spi: tegra20-slink: add missed clk_unprepare (git-fixes).\n\n - spi: tegra20-slink: fix reference leak in slink ops of tegra20 (git-fixes).\n\n - splice: only read in as much information as there is pipe buffer space (bsc#1179520).\n\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found (git-fixes).\n\n - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value (git-fixes).\n\n - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).\n\n - staging: olpc_dcon: Do not call platform_device_unregister() in dcon_probe() (git-fixes).\n\n - staging: olpc_dcon: add a missing dependency (git-fixes).\n\n - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21 (git-fixes).\n\n - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).\n\n - staging: rtl8188eu: fix possible null dereference (git-fixes).\n\n - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).\n\n - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).\n\n - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb() (git-fixes).\n\n - staging: wlan-ng: properly check endpoint types (git-fixes).\n\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).\n\n - thunderbolt: Use 32-bit writes when writing ring producer/consumer (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git fixes)\n\n - timer: Prevent base->clk from moving backward (git-fixes)\n\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n\n - tty: always relink the port (git-fixes).\n\n - tty: link tty and port before configuring it as console (git-fixes).\n\n - tty: synclink_gt: Adjust indentation in several functions (git-fixes).\n\n - tty: synclinkmp: Adjust indentation in several functions (git-fixes).\n\n - tty:serial:mvebu-uart:fix a wrong return (git-fixes).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: add missing put_device() call in usbmisc_get_init_data() (git-fixes).\n\n - usb: dwc2: Fix IN FIFO allocation (git-fixes).\n\n - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).\n\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion (git-fixes).\n\n - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe (git-fixes).\n\n - usb: fsl: Check memory resource before releasing it (git-fixes).\n\n - usb: gadget: composite: Fix possible double free memory bug (git-fixes).\n\n - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).\n\n - usb: gadget: configfs: Preserve function ordering after bind failure (git-fixes).\n\n - usb: gadget: configfs: fix concurrent issue between composite APIs (git-fixes).\n\n - usb: gadget: f_fs: Use local copy of descriptors for userspace copy (git-fixes).\n\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n\n - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).\n\n - usb: gadget: fix wrong endpoint desc (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n\n - usb: gadget: net2280: fix memory leak on probe error handling paths (git-fixes).\n\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n\n - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).\n\n - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in gr_probe() (git-fixes).\n\n - usb: gadget: udc: gr_udc: fix memleak on error handling path in gr_ep_init() (git-fixes).\n\n - usb: hso: Fix debug compile warning on sparc32 (git-fixes).\n\n - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue (git-fixes).\n\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).\n\n - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).\n\n - usblp: poison URBs upon disconnect (git-fixes).\n\n - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).\n\n - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).\n\n - vt: Reject zero-sized screen buffer size (git-fixes).\n\n - vt: do not hardcode the mem allocation upper bound (git-fixes).\n\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n\n - watchdog: coh901327: add COMMON_CLK dependency (git-fixes).\n\n - watchdog: da9062: No need to ping manually before setting timeout (git-fixes).\n\n - watchdog: da9062: do not ping the hw during stop() (git-fixes).\n\n - watchdog: qcom: Avoid context switch in restart handler (git-fixes).\n\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).\n\n - wil6210: select CONFIG_CRC32 (git-fixes).\n\n - wimax: fix duplicate initializer warning (git-fixes).\n\n - wireless: Use linux/stddef.h instead of stddef.h (git-fixes).\n\n - wireless: Use offsetof instead of custom macro (git-fixes).\n\n - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz (bsc#1112178).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).\n\n - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (bsc#1112178).\n\n - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).\n\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).\n\n - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).\n\n - x86/mm: Fix leak of pmd ptlock (bsc#1112178).\n\n - x86/mtrr: Correct the range check before performing MTRR type lookups (bsc#1112178).\n\n - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (bsc#1112178).\n\n - x86/resctrl: Do not move a task to the same resource group (bsc#1112178).\n\n - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (bsc#1112178).\n\n - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (bsc#1112178).\n\n - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).\n\n - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC MSR (bsc#1112178).\n\n - x86/speculation: Fix prctl() when spectre_v2_user=(seccomp,prctl),ibpb (bsc#1112178).\n\n - x86/tracing: Introduce a static key for exception tracing (bsc#1179895).\n\n - x86/traps: Simplify pagefault tracing logic (bsc#1179895).\n\n - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (bsc#1112178).\n\n - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).\n\n - xprtrdma: fix incorrect header size calculations (git-fixes).", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-01-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-25639", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-base", "p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "p-cpe:/a:novell:opensuse:kernel-vanilla", "p-cpe:/a:novell:opensuse:kernel-vanilla-base", "p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo", "p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel", "p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2021-75.NASL", "href": "https://www.tenable.com/plugins/nessus/145287", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-75.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145287);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-25639\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28374\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-75)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Leap 15.1 kernel was updated to receive various security\nand bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2020-29568: An issue was discovered in Xen through\n 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD)\n are processing watch events using a single thread. If\n the events are received faster than the thread is able\n to handle, they will get queued. As the queue is\n unbounded, a guest may be able to trigger an OOM in the\n backend. All systems with a FreeBSD, Linux, or NetBSD\n (any version) dom0 are vulnerable (bnc#1179508).\n\n - CVE-2020-29569: The Linux kernel PV block backend\n expects the kernel thread handler to reset ring->xenblkd\n to NULL when stopped. However, the handler may not have\n time to run if the frontend quickly toggles between the\n states connect and disconnect. As a consequence, the\n block backend may re-use a pointer after it was freed. A\n misbehaving guest can trigger a dom0 crash by\n continuously connecting / disconnecting a block\n frontend. Privilege escalation and information leaks\n cannot be ruled out. This only affects systems with a\n Linux blkback (bnc#1179509).\n\n - CVE-2020-25639: Bail out of nouveau_channel_new if\n channel init fails (bsc#1176846).\n\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c\n insufficient identifier checking in the LIO SCSI target\n code can be used by remote attackers to read or write\n files via directory traversal in an XCOPY request, aka\n CID-2896c93811e3. For example, an attack can occur over\n a network if the attacker has access to one iSCSI LUN.\n The attacker gains control over file access because I/O\n operations are proxied via an attacker-selected\n backstore (bnc#1178372 1180676).\n\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c might allow\n remote attackers to execute arbitrary code via a long\n SSID value, aka CID-5c455c5ab332 (bnc#1180559).\n\n - CVE-2020-27825: A use-after-free flaw was found in\n kernel/trace/ring_buffer.c. There was a race problem in\n trace_open and resize of cpu buffer running parallely on\n different cpus, may cause a denial of service problem\n (DOS). This flaw could even allow a local attacker with\n special user privilege to a kernel information leak\n threat (bnc#1179960).\n\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of\n eventpoll.c, there is a possible use after free due to a\n logic error. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180031).\n\n - CVE-2020-27068: In the nl80211_policy policy of\n nl80211.c, there is a possible out of bounds read due to\n a missing bounds check. This could lead to local\n information disclosure with System execution privileges\n needed. User interaction is not required for\n exploitation (bnc#1180086).\n\n - CVE-2020-0465: In various methods of hid-multitouch.c,\n there is a possible out of bounds write due to a missing\n bounds check. This could lead to local escalation of\n privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180029).\n\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c,\n there is a possible bad kfree due to a logic error in\n audit_data_to_entry. This could lead to local escalation\n of privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation\n (bnc#1180027).\n\n - CVE-2020-29660: A locking inconsistency issue was\n discovered in the tty subsystem of the Linux kernel\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n have allowed a read-after-free attack against TIOCGSID,\n aka CID-c8bcd9c5be24 (bnc#1179745).\n\n - CVE-2020-29661: A locking issue was discovered in the\n tty subsystem of the Linux kernel\n drivers/tty/tty_jobctrl.c allowed a use-after-free\n attack against TIOCSPGRP, aka CID-54ffccbf053b\n (bnc#1179745).\n\n - CVE-2020-27777: A flaw was found in the way RTAS handled\n memory accesses in userspace to kernel communication. On\n a locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel (bnc#1179107).\n\n - CVE-2020-11668: In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink\n camera USB driver) mishandled invalid descriptors, aka\n CID-a246b4d54770 (bnc#1168952).\n\n - CVE-2019-20934: An issue was discovered in the Linux\n kernel On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c (bnc#1179663).\n\n - CVE-2020-27786: A flaw was found in the Linux kernels\n implementation of MIDI, where an attacker with a local\n account and the permissions to issue an ioctl commands\n to midi devices, could trigger a use-after-free. A write\n to this specific memory while freed and before use could\n cause the flow of execution to change and possibly allow\n for memory corruption or privilege escalation\n (bnc#1179601).\n\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1)\n processors could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\nThe following non-security bugs were fixed :\n\n - ACPI: PNP: compare the string length in the\n matching_id() (git-fixes).\n\n - ACPICA: Disassembler: create buffer fields in\n ACPI_PARSE_LOAD_PASS1 (git-fixes).\n\n - ACPICA: Do not increment operation_region reference\n counts for field units (git-fixes).\n\n - ALSA: ca0106: fix error code handling (git-fixes).\n\n - ALSA: ctl: allow TLV read operation for callback type of\n element in locked case (git-fixes).\n\n - ALSA: hda - Fix silent audio output and corrupted input\n on MSI X570-A PRO (git-fixes).\n\n - ALSA: hda/ca0132 - Change Input Source enum strings\n (git-fixes).\n\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg\n (git-fixes).\n\n - ALSA: hda/generic: Add option to enforce preferred_dacs\n pairs (git-fixes).\n\n - ALSA: hda/hdmi: always check pin power status in i915\n pin fixup (git-fixes).\n\n - ALSA: hda/realtek - Add new codec supported for ALC897\n (git-fixes).\n\n - ALSA: hda/realtek - Couldn't detect Mic if booting with\n headset plugged (git-fixes).\n\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK\n with ALC255 (git-fixes).\n\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP\n x360 model (git-fixes).\n\n - ALSA: hda/realtek: Add some Clove SSID in the\n ALC293(ALC1220) (git-fixes).\n\n - ALSA: hda/realtek: Enable front panel headset LED on\n Lenovo ThinkStation P520 (git-fixes).\n\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG &\n B9400CEA with ALC294 (git-fixes).\n\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS\n (git-fixes).\n\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to\n patch table (git-fixes).\n\n - ALSA: hda: Fix potential race in unsol event handler\n (git-fixes).\n\n - ALSA: hda: Fix regressions on clear and reconfig sysfs\n (git-fixes).\n\n - ALSA: info: Drop WARN_ON() from buffer NULL sanity check\n (git-fixes).\n\n - ALSA: isa/wavefront: prevent out of bounds write in\n ioctl (git-fixes).\n\n - ALSA: line6: Perform sanity check for each URB creation\n (git-fixes).\n\n - ALSA: pcm: Clear the full allocated memory at hw_params\n (git-fixes).\n\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n\n - ALSA: pcm: oss: Fix potential out-of-bounds shift\n (git-fixes).\n\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw\n sanity check (git-fixes).\n\n - ALSA: timer: Limit max amount of slave instances\n (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets\n (git-fixes).\n\n - ALSA: usb-audio: Add delay quirk for all Logitech USB\n devices (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for MODX\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16\n (git-fixes).\n\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom\n UAC-2 (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston\n HyperX Cloud Alpha S (git-fixes).\n\n - ALSA: usb-audio: Add registration quirk for Kingston\n HyperX Cloud Flight S (git-fixes).\n\n - ALSA: usb-audio: Disable sample read check if firmware\n does not give back (git-fixes).\n\n - ALSA: usb-audio: Fix OOB access of mixer element list\n (git-fixes).\n\n - ALSA: usb-audio: Fix control 'access overflow' errors\n from chmap (git-fixes).\n\n - ALSA: usb-audio: Fix potential out-of-bounds shift\n (git-fixes).\n\n - ALSA: usb-audio: Fix race against the error recovery URB\n submission (git-fixes).\n\n - ALSA: usb-audio: US16x08: fix value count for level\n meters (git-fixes).\n\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE\n (git-fixes).\n\n - ALSA: usb-audio: add quirk for Samsung USBC Headset\n (AKG) (git-fixes).\n\n - ALSA: usb-audio: add usb vendor id as DSD-capable for\n Khadas devices (git-fixes).\n\n - ASoC: arizona: Fix a wrong free in wm8997_probe\n (git-fixes).\n\n - ASoC: cx2072x: Fix doubly definitions of Playback and\n Capture streams (git-fixes).\n\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA\n channel failed (git-fixes).\n\n - ASoC: jz4740-i2s: add missed checks for clk_get()\n (git-fixes).\n\n - ASoC: pcm3168a: The codec does not support S32_LE\n (git-fixes).\n\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n\n - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile\n (git-fixes).\n\n - ASoC: sti: fix possible sleep-in-atomic (git-fixes).\n\n - ASoC: wm8904: fix regcache handling (git-fixes).\n\n - ASoC: wm8998: Fix PM disable depth imbalance on error\n (git-fixes).\n\n - ASoC: wm_adsp: Do not generate kcontrols without READ\n flags (git-fixes).\n\n - ASoC: wm_adsp: remove 'ctl' from list on error in\n wm_adsp_create_control() (git-fixes).\n\n - Avoid a GCC warning about '/*' within a comment.\n\n - Bluetooth: Fix advertising duplicated flags (git-fixes).\n\n - Bluetooth: Fix NULL pointer dereference in\n hci_event_packet() (git-fixes).\n\n - Bluetooth: Fix slab-out-of-bounds read in\n hci_le_direct_adv_report_evt() (git-fixes).\n\n - Bluetooth: add a mutex lock to avoid UAF in do_enale_set\n (git-fixes).\n\n - Bluetooth: btusb: Fix detection of some fake CSR\n controllers with a bcdDevice val of 0x0134 (git-fixes).\n\n - Drop a backported uvcvideo patch that caused a\n regression (bsc#1180117) Also blacklisting the commit\n\n - EDAC/amd64: Fix PCI component registration\n (bsc#1112178).\n\n - HID: Add another Primax PIXART OEM mouse quirk\n (git-fixes).\n\n - HID: Fix slab-out-of-bounds read in hid_field_extract\n (bsc#1180052).\n\n - HID: Improve Windows Precision Touchpad detection\n (git-fixes).\n\n - HID: apple: Disable Fn-key key-re-mapping on clone\n keyboards (git-fixes).\n\n - HID: core: Correctly handle ReportSize being zero\n (git-fixes).\n\n - HID: core: check whether Usage Page item is after Usage\n ID items (git-fixes).\n\n - HID: cypress: Support Varmilo Keyboards' media hotkeys\n (git-fixes).\n\n - HID: hid-sensor-hub: Fix issue with devices with no\n report ID (git-fixes).\n\n - HID: intel-ish-hid: fix wrong error handling in\n ishtp_cl_alloc_tx_ring() (git-fixes).\n\n - HID: logitech-hidpp: Silence intermittent\n get_battery_capacity errors (git-fixes).\n\n - HSI: omap_ssi: Do not jump to free ID in\n ssi_add_controller() (git-fixes).\n\n - Input: ads7846 - fix integer overflow on Rt calculation\n (git-fixes).\n\n - Input: ads7846 - fix race that causes missing releases\n (git-fixes).\n\n - Input: ads7846 - fix unaligned access on 7845\n (git-fixes).\n\n - Input: atmel_mxt_ts - disable IRQ across suspend\n (git-fixes).\n\n - Input: cm109 - do not stomp on control URB (git-fixes).\n\n - Input: cros_ec_keyb - send 'scancodes' in addition to\n key events (git-fixes).\n\n - Input: cyapa_gen6 - fix out-of-bounds stack access\n (git-fixes).\n\n - Input: goodix - add upside-down quirk for Teclast X98\n Pro tablet (git-fixes).\n\n - Input: i8042 - add Acer laptops to the i8042 reset list\n (git-fixes).\n\n - Input: i8042 - add ByteSpeed touchpad to noloop table\n (git-fixes).\n\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and\n reset lists (git-fixes).\n\n - Input: i8042 - allow insmod to succeed on devices\n without an i8042 controller (git-fixes).\n\n - Input: i8042 - fix error return code in\n i8042_setup_aux() (git-fixes).\n\n - Input: omap4-keypad - fix runtime PM error handling\n (git-fixes).\n\n - Input: synaptics - enable InterTouch for ThinkPad X1E\n 1st gen (git-fixes).\n\n - Input: trackpoint - add new trackpoint variant IDs\n (git-fixes).\n\n - Input: trackpoint - enable Synaptics trackpoints\n (git-fixes).\n\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n\n - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL\n cpuid bits (bsc#1112178).\n\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd\n (git-fixes).\n\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n\n - NFSv4.2: fix client's attribute cache management for\n copy_file_range (git-fixes).\n\n - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2\n EXCHANGE_ID flag (git-fixes).\n\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X\n Bridges (git-fixes).\n\n - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085\n PCIe-to-PCI bridge (git-fixes).\n\n - PCI: Do not disable decoding when mmio_always_on is set\n (git-fixes).\n\n - PCI: Fix pci_slot_release() NULL pointer dereference\n (git-fixes).\n\n - PM / hibernate: memory_bm_find_bit(): Tighten node\n optimisation (git-fixes).\n\n - PM: ACPI: Output correct message on target power state\n (git-fixes).\n\n - PM: hibernate: Freeze kernel threads in\n software_resume() (git-fixes).\n\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n\n - Revert 'ACPI / resources: Use AE_CTRL_TERMINATE to\n terminate resources walks' (git-fixes).\n\n - Revert 'ALSA: hda - Fix silent audio output and\n corrupted input on MSI X570-A PRO' (git-fixes).\n\n - Revert 'PM / devfreq: Modify the device name as\n devfreq(X) for sysfs' (git-fixes).\n\n - Revert 'device property: Keep secondary firmware node\n secondary by type' (git-fixes).\n\n - Revert 'platform/x86: wmi: Destroy on cleanup rather\n than unregister' (git-fixes).\n\n - Revert 'powerpc/pseries/hotplug-cpu: Remove double free\n in error path' (bsc#1065729).\n\n - Revert 'serial: amba-pl011: Make sure we initialize the\n port.lock spinlock' (git-fixes).\n\n - SMB3: Honor 'handletimeout' flag for multiuser mounts\n (bsc#1176558).\n\n - SMB3: Honor 'posix' flag for multiuser mounts\n (bsc#1176559).\n\n - SMB3: Honor lease disabling for multiuser mounts\n (git-fixes).\n\n - SUNRPC: Properly set the @subbuf parameter of\n xdr_buf_subsegment() (git-fixes).\n\n - SUNRPC: The RDMA back channel mustn't disappear while\n requests are outstanding (git-fixes).\n\n - USB: Fix: Do not skip endpoint descriptors with\n maxpacket=0 (git-fixes).\n\n - USB: Skip endpoints with 0 maxpacket length (git-fixes).\n\n - USB: UAS: introduce a quirk to set no_write_same\n (git-fixes).\n\n - USB: add RESET_RESUME quirk for Snapscan 1212\n (git-fixes).\n\n - USB: dummy-hcd: Fix uninitialized array use in init()\n (git-fixes).\n\n - USB: gadget: f_acm: add support for SuperSpeed Plus\n (git-fixes).\n\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors\n (git-fixes).\n\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and\n above (git-fixes).\n\n - USB: gadget: legacy: fix return error code in\n acm_ms_bind() (git-fixes).\n\n - USB: ldusb: use unsigned size format specifiers\n (git-fixes).\n\n - USB: serial: ch341: add new Product ID for CH341A\n (git-fixes).\n\n - USB: serial: ch341: sort device-id entries (git-fixes).\n\n - USB: serial: digi_acceleport: clean up modem-control\n handling (git-fixes).\n\n - USB: serial: digi_acceleport: clean up set_termios\n (git-fixes).\n\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks\n (git-fixes).\n\n - USB: serial: digi_acceleport: remove in_interrupt()\n usage.\n\n - USB: serial: digi_acceleport: remove redundant\n assignment to pointer priv (git-fixes).\n\n - USB: serial: digi_acceleport: rename tty flag variable\n (git-fixes).\n\n - USB: serial: digi_acceleport: use irqsave() in USB's\n complete callback (git-fixes).\n\n - USB: serial: iuu_phoenix: fix DMA from stack\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix dropped unthrottle\n interrupts (git-fixes).\n\n - USB: serial: keyspan_pda: fix stalled writes\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix tx-unthrottle\n use-after-free (git-fixes).\n\n - USB: serial: keyspan_pda: fix write deadlock\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix write unthrottling\n (git-fixes).\n\n - USB: serial: keyspan_pda: fix write-wakeup\n use-after-free (git-fixes).\n\n - USB: serial: kl5kusb105: fix memleak on open\n (git-fixes).\n\n - USB: serial: mos7720: fix parallel-port state restore\n (git-fixes).\n\n - USB: serial: option: add Fibocom NL668 variants\n (git-fixes).\n\n - USB: serial: option: add interface-number sanity check\n to flag handling (git-fixes).\n\n - USB: serial: option: add support for Thales Cinterion\n EXS82 (git-fixes).\n\n - USB: serial: option: fix Quectel BG96 matching\n (git-fixes).\n\n - USB: xhci: fix U1/U2 handling for hardware with\n XHCI_INTEL_HOST quirk set (git-fixes).\n\n - USB: yurex: fix control-URB timeout handling\n (git-fixes).\n\n - ata/libata: Fix usage of page address by page_address in\n ata_scsi_mode_select_xlat function (git-fixes).\n\n - ath10k: Fix an error handling path (git-fixes).\n\n - ath10k: Release some resources in an error handling path\n (git-fixes).\n\n - ath10k: Remove msdu from idr when management pkt send\n fails (git-fixes).\n\n - ath10k: fix backtrace on coredump (git-fixes).\n\n - ath10k: fix get invalid tx rate for Mesh metric\n (git-fixes).\n\n - ath10k: fix offchannel tx failure when no\n ath10k_mac_tx_frm_has_freq (git-fixes).\n\n - ath6kl: fix enum-conversion warning (git-fixes).\n\n - ath9k_htc: Discard undersized packets (git-fixes).\n\n - ath9k_htc: Modify byte order for an error message\n (git-fixes).\n\n - ath9k_htc: Silence undersized packet warnings\n (git-fixes).\n\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n\n - backlight: lp855x: Ensure regulators are disabled on\n probe failure (git-fixes).\n\n - btmrvl: Fix firmware filename for sd8997 chipset\n (bsc#1172694).\n\n - btrfs: fix use-after-free on readahead extent after\n failure to create it (bsc#1179963).\n\n - btrfs: qgroup: do not commit transaction when we already\n hold the handle (bsc#1178634).\n\n - btrfs: qgroup: do not try to wait flushing if we're\n already holding a transaction (bsc#1179575).\n\n - btrfs: remove a BUG_ON() from merge_reloc_roots()\n (bsc#1174784).\n\n - bus: fsl-mc: fix error return code in\n fsl_mc_object_allocate() (git-fixes).\n\n - can: mcp251x: add error check when wq alloc failed\n (git-fixes).\n\n - can: softing: softing_netdev_open(): fix error handling\n (git-fixes).\n\n - cfg80211: initialize rekey_data (git-fixes).\n\n - cfg80211: regulatory: Fix inconsistent format argument\n (git-fixes).\n\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n\n - cifs: allow syscalls to be restarted in\n __smb_send_rqst() (bsc#1176956).\n\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n\n - cifs: fix potential use-after-free in\n cifs_echo_request() (bsc#1139944).\n\n - cirrus: cs89x0: remove set but not used variable 'lp'\n (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to\n simplify code (git-fixes).\n\n - clk: at91: usb: continue if clk_hw_round_rate() return\n zero (git-fixes).\n\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9\n (git-fixes).\n\n - clk: qcom: Allow constant ratio freq tables for rcg\n (git-fixes).\n\n - clk: qcom: msm8916: Fix the address location of\n pll->config_reg (git-fixes).\n\n - clk: s2mps11: Fix a resource leak in error handling\n paths in the probe function (git-fixes).\n\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to\n sclk_i2s1 (git-fixes).\n\n - clk: sunxi-ng: Make sure divider tables have sentinel\n (git-fixes).\n\n - clk: tegra: Fix Tegra PMC clock out parents (git-fixes).\n\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n\n - clk: ti: Fix memleak in ti_fapll_synth_setup\n (git-fixes).\n\n - clk: ti: composite: fix memory leak (git-fixes).\n\n - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call\n (git-fixes).\n\n - clocksource/drivers/asm9260: Add a check for of_clk_get\n (git-fixes).\n\n - coredump: fix core_pattern parse error (git-fixes).\n\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - cpufreq: loongson1: Add missing MODULE_ALIAS\n (git-fixes).\n\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE\n (git-fixes).\n\n - crypto: af_alg - avoid undefined behavior accessing\n salg_name (git-fixes).\n\n - crypto: omap-aes - Fix PM disable depth imbalance in\n omap_aes_probe (git-fixes).\n\n - crypto: qat - fix status check in\n qat_hal_put_rel_rd_xfer() (git-fixes).\n\n - crypto: talitos - Fix return type of current_desc_hdr()\n (git-fixes).\n\n - cw1200: fix missing destroy_workqueue() on error in\n cw1200_init_common (git-fixes).\n\n - dmaengine: xilinx_dma: check dma_async_device_register\n return value (git-fixes).\n\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity\n warning (git-fixes).\n\n - docs: Fix reST markup when linking to sections\n (git-fixes).\n\n - drivers: base: Fix NULL pointer exception in\n __platform_driver_probe() if a driver developer is\n foolish (git-fixes).\n\n - drivers: soc: ti: knav_qmss_queue: Fix error return code\n in knav_queue_probe (git-fixes).\n\n - drm/amd/display: remove useless if/else (git-fixes).\n\n - drm/amdgpu: fix build_coefficients() argument\n (git-fixes).\n\n - drm/dp_aux_dev: check aux_dev before use in\n drm_dp_aux_dev_get_by_minor() (git-fixes).\n\n - drm/gma500: Fix out-of-bounds access to struct\n drm_device.vblank[] (bsc#1129770)\n\n - drm/gma500: fix double free of gma_connector\n (git-fixes).\n\n - drm/meson: dw-hdmi: Register a callback to disable the\n regulator (git-fixes).\n\n - drm/msm/dpu: Add newline to printks (git-fixes).\n\n - drm/msm/dsi_phy_10nm: implement PHY disabling\n (git-fixes).\n\n - drm/omap: dmm_tiler: fix return error code in\n omap_dmm_probe() (git-fixes).\n\n - drm/rockchip: Avoid uninitialized use of endpoint id in\n LVDS (git-fixes).\n\n - epoll: Keep a reference on files added to the check list\n (bsc#1180031).\n\n - ethernet: ucc_geth: fix use-after-free in\n ucc_geth_remove() (git-fixes).\n\n - ext4: correctly report 'not supported' for\n (usr,grp)jquota when !CONFIG_QUOTA (bsc#1179672).\n\n - ext4: fix bogus warning in ext4_update_dx_flag()\n (bsc#1179716).\n\n - ext4: fix error handling code in add_new_gdb\n (bsc#1179722).\n\n - ext4: fix invalid inode checksum (bsc#1179723).\n\n - ext4: fix leaking sysfs kobject after failed mount\n (bsc#1179670).\n\n - ext4: limit entries returned when counting fsmap records\n (bsc#1179671).\n\n - ext4: unlock xattr_sem properly in\n ext4_inline_data_truncate() (bsc#1179673).\n\n - extcon: max77693: Fix modalias string (git-fixes).\n\n - fbcon: Fix user font detection test at fbcon_resize().\n (bsc#1112178)\n\n - fbcon: Remove the superfluous break (bsc#1129770)\n\n - firmware: qcom: scm: Ensure 'a0' status code is treated\n as signed (git-fixes).\n\n - fix regression in 'epoll: Keep a reference on files\n added to the check list' (bsc#1180031, git-fixes).\n\n - forcedeth: use per cpu to collect xmit/recv statistics\n (git-fixes).\n\n - fs: Do not invalidate page buffers in\n block_write_full_page() (bsc#1179711).\n\n - geneve: change from tx_error to tx_dropped on missing\n metadata (git-fixes).\n\n - genirq/irqdomain: Add an irq_create_mapping_affinity()\n function (bsc#1065729).\n\n - gpio: arizona: handle pm_runtime_get_sync failure case\n (git-fixes).\n\n - gpio: gpio-grgpio: fix possible sleep-in-atomic-context\n bugs in grgpio_irq_map/unmap() (git-fixes).\n\n - gpio: max77620: Add missing dependency on\n GPIOLIB_IRQCHIP (git-fixes).\n\n - gpio: max77620: Fixup debounce delays (git-fixes).\n\n - gpio: max77620: Use correct unit for debounce times\n (git-fixes).\n\n - gpio: mpc8xxx: Add platform device to gpiochip->parent\n (git-fixes).\n\n - gpio: mvebu: fix potential user-after-free on probe\n (git-fixes).\n\n - gpiolib: acpi: Add honor_wakeup module-option + quirk\n mechanism (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2\n 10 BYT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2\n 10 CHT + AXP288 model (git-fixes).\n\n - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup\n quirk (git-fixes).\n\n - gpiolib: acpi: Rework honor_wakeup option into an\n ignore_wake option (git-fixes).\n\n - gpiolib: acpi: Turn dmi_system_id table into a generic\n quirk table (git-fixes).\n\n - gpiolib: fix up emulated open drain outputs (git-fixes).\n\n - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow\n (git-fixes).\n\n - hwmon: (jc42) Fix name to have no illegal characters\n (git-fixes).\n\n - i2c: algo: pca: Reapply i2c bus settings after reset\n (git-fixes).\n\n - i2c: i801: Fix resume bug (git-fixes).\n\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4\n chipsets (git-fixes).\n\n - i2c: pxa: clear all master action bits in\n i2c_pxa_stop_message() (git-fixes).\n\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output\n (git-fixes).\n\n - i2c: qup: Fix error return code in\n qup_i2c_bam_schedule_desc() (git-fixes).\n\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767\n ltc#155231 git-fixes).\n\n - ibmvnic: continue fatal error reset after passive init\n (bsc#1171078 ltc#184239 git-fixes).\n\n - ibmvnic: delay next reset if hard reset fails\n (bsc#1094840 ltc#167098 git-fixes).\n\n - ibmvnic: enhance resetting status check during module\n exit (bsc#1065729).\n\n - ibmvnic: fix NULL pointer dereference in\n reset_sub_crq_queues (bsc#1040855 ltc#155067 git-fixes).\n\n - ibmvnic: fix call_netdevice_notifiers in do_reset\n (bsc#1115431 ltc#171853 git-fixes).\n\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767\n ltc#155231 git-fixes).\n\n - ibmvnic: notify peers when failover and migration happen\n (bsc#1044120 ltc#155423 git-fixes).\n\n - ibmvnic: restore adapter state on failed reset\n (bsc#1152457 ltc#174432 git-fixes).\n\n - iio: adc: max1027: Reset the device at probe time\n (git-fixes).\n\n - iio: adc: rockchip_saradc: fix missing\n clk_disable_unprepare() on error in\n rockchip_saradc_resume (git-fixes).\n\n - iio: bmp280: fix compensation of humidity (git-fixes).\n\n - iio: buffer: Fix demux update (git-fixes).\n\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in\n ad5592r_read_raw() (git-fixes).\n\n - iio: fix center temperature of bmc150-accel-core\n (git-fixes).\n\n - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel\n reporting (git-fixes).\n\n - iio: light: bh1750: Resolve compiler warning and make\n code more readable (git-fixes).\n\n - iio: srf04: fix wrong limitation in distance measuring\n (git-fixes).\n\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n\n - iio:pressure:mpl3115: Force alignment of buffer\n (git-fixes).\n\n - inet_ecn: Fix endianness of checksum update when setting\n ECT(1) (git-fixes).\n\n - ipw2x00: Fix -Wcast-function-type (git-fixes).\n\n - irqchip/alpine-msi: Fix freeing of interrupts on\n allocation error path (git-fixes).\n\n - iwlwifi: mvm: fix kernel panic in case of assert during\n CSA (git-fixes).\n\n - iwlwifi: mvm: fix unaligned read of rx_pkt_status\n (git-fixes).\n\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n\n - kABI fix for g2d (git-fixes).\n\n - kABI workaround for HD-audio generic parser (git-fixes).\n\n - kABI workaround for dsa/b53 changes (git-fixes).\n\n - kABI workaround for net/ipvlan changes (git-fixes).\n\n - kABI: ath10k: move a new structure member to the end\n (git-fixes).\n\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n\n - kernel-source.spec: Fix build with rpm 4.16\n (boo#1179015).\n\n - kernel-(binary,source).spec.in: do not create loop\n symlinks (bsc#1179082)\n\n - kgdb: Fix spurious true from in_dbg_master()\n (git-fixes).\n\n - mac80211: Check port authorization in the\n ieee80211_tx_dequeue() case (git-fixes).\n\n - mac80211: allow rx of mesh eapol frames with default rx\n key (git-fixes).\n\n - mac80211: do not set set TDLS STA bandwidth wider than\n possible (git-fixes).\n\n - mac80211: fix authentication with iwlwifi/mvm\n (git-fixes).\n\n - mac80211: fix use of skb payload instead of header\n (git-fixes).\n\n - mac80211: mesh: fix mesh_pathtbl_init() error path\n (git-fixes).\n\n - matroxfb: avoid -Warray-bounds warning (git-fixes).\n\n - md-cluster: fix rmmod issue when md_cluster convert\n bitmap to none (bsc#1163727).\n\n - md-cluster: fix safemode_delay value when converting to\n clustered bitmap (bsc#1163727).\n\n - md-cluster: fix wild pointer of unlock_all_bitmaps()\n (bsc#1163727).\n\n - md/bitmap: fix memory leak of temporary bitmap\n (bsc#1163727).\n\n - md/bitmap: md_bitmap_get_counter returns wrong blocks\n (bsc#1163727).\n\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks\n (bsc#1163727).\n\n - md/cluster: block reshape with remote resync job\n (bsc#1163727).\n\n - md/cluster: fix deadlock when node is doing resync job\n (bsc#1163727).\n\n - md/raid5: fix oops during stripe resizing (git-fixes).\n\n - media: am437x-vpfe: Setting STD to current value is not\n an error (git-fixes).\n\n - media: cec-funcs.h: add status_req checks (git-fixes).\n\n - media: cx88: Fix some error handling path in\n 'cx8800_initdev()' (git-fixes).\n\n - media: gp8psk: initialize stats at power control logic\n (git-fixes).\n\n - media: gspca: Fix memory leak in probe (git-fixes).\n\n - media: i2c: mt9v032: fix enum mbus codes and frame sizes\n (git-fixes).\n\n - media: i2c: ov2659: Fix missing 720p register config\n (git-fixes).\n\n - media: i2c: ov2659: fix s_stream return value\n (git-fixes).\n\n - media: msi2500: assign SPI bus number dynamically\n (git-fixes).\n\n - media: mtk-mdp: Fix a refcounting bug on error in init\n (git-fixes).\n\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_release_dec_pm() (git-fixes).\n\n - media: platform: add missing put_device() call in\n mtk_jpeg_probe() and mtk_jpeg_remove() (git-patches).\n\n - media: pvrusb2: Fix oops on tear-down when radio support\n is not present (git-fixes).\n\n - media: s5p-g2d: Fix a memory leak in an error handling\n path in 'g2d_probe()' (git-fixes).\n\n - media: saa7146: fix array overflow in vidioc_s_audio()\n (git-fixes).\n\n - media: si470x-i2c: add missed operations in remove\n (git-fixes).\n\n - media: siano: fix memory leak of debugfs members in\n smsdvb_hotplug (git-fixes).\n\n - media: solo6x10: fix missing snd_card_free in error\n handling case (git-fixes).\n\n - media: sti: bdisp: fix a possible\n sleep-in-atomic-context bug in bdisp_device_run()\n (git-fixes).\n\n - media: sunxi-cir: ensure IR is handled when it is\n continuous (git-fixes).\n\n - media: ti-vpe: vpe: Make sure YUYV is set as default\n format (git-fixes).\n\n - media: ti-vpe: vpe: ensure buffers are cleaned up\n properly in abort cases (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about\n frame sequence number (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about\n invalid sizeimage (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance failure\n causing a kernel panic (git-fixes).\n\n - media: ti-vpe: vpe: fix a v4l2-compliance warning about\n invalid pixel format (git-fixes).\n\n - media: uvcvideo: Set media controller entity functions\n (git-fixes).\n\n - media: uvcvideo: Silence shift-out-of-bounds warning\n (git-fixes).\n\n - media: v4l2-async: Fix trivial documentation typo\n (git-fixes).\n\n - media: v4l2-core: fix touch support in v4l_g_fmt\n (git-fixes).\n\n - media: v4l2-device.h: Explicitly compare grp(id,mask) to\n zero in v4l2_device macros (git-fixes).\n\n - mei: bus: do not clean driver pointer (git-fixes).\n\n - mei: protect mei_cl_mtu from null dereference\n (git-fixes).\n\n - memstick: fix a double-free bug in memstick_check\n (git-fixes).\n\n - memstick: r592: Fix error return in r592_probe()\n (git-fixes).\n\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n\n - mfd: wm8994: Fix driver operation if loaded as modules\n (git-fixes).\n\n - misc: vmw_vmci: fix kernel info-leak by initializing\n dbells in vmci_ctx_get_chkpt_doorbells() (git-fixes).\n\n - mm,memory_failure: always pin the page in\n madvise_inject_error (bsc#1180258).\n\n - mm/userfaultfd: do not access vma->vm_mm after calling\n handle_userfault() (bsc#1179204).\n\n - mm: do not wake kswapd prematurely when watermark\n boosting is disabled (git fixes (mm/vmscan)).\n\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset\n failure (git-fixes).\n\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n\n - net/x25: prevent a couple of overflows (bsc#1178590).\n\n - net: aquantia: Fix aq_vec_isr_legacy() return value\n (git-fixes).\n\n - net: aquantia: fix LRO with FCS error (git-fixes).\n\n - net: bcmgenet: reapply manual settings to the PHY\n (git-fixes).\n\n - net: broadcom/bcmsysport: Fix signedness in\n bcm_sysport_probe() (git-fixes).\n\n - net: dsa: b53: Always use dev->vlan_enabled in\n b53_configure_vlan() (git-fixes).\n\n - net: dsa: b53: Ensure the default VID is untagged\n (git-fixes).\n\n - net: dsa: b53: Fix default VLAN ID (git-fixes).\n\n - net: dsa: b53: Properly account for VLAN filtering\n (git-fixes).\n\n - net: dsa: bcm_sf2: Do not assume DSA master supports WoL\n (git-fixes).\n\n - net: dsa: bcm_sf2: potential array overflow in\n bcm_sf2_sw_suspend() (git-fixes).\n\n - net: dsa: qca8k: remove leftover phy accessors\n (git-fixes).\n\n - net: ethernet: stmmac: Fix signedness bug in\n ipq806x_gmac_of_parse() (git-fixes).\n\n - net: ethernet: ti: cpsw: clear all entries when delete\n vid (git-fixes).\n\n - net: ethernet: ti: cpsw: fix runtime_pm while add/kill\n vlan (git-fixes).\n\n - net: hisilicon: Fix signedness bug in\n hix5hd2_dev_probe() (git-fixes).\n\n - net: macb: add missing barriers when reading descriptors\n (git-fixes).\n\n - net: macb: fix dropped RX frames due to a race\n (git-fixes).\n\n - net: macb: fix error format in dev_err() (git-fixes).\n\n - net: macb: fix random memory corruption on RX with\n 64-bit DMA (git-fixes). - blacklist.conf :\n\n - net: pasemi: fix an use-after-free in\n pasemi_mac_phy_init() (git-fixes).\n\n - net: phy: Avoid multiple suspends (git-fixes).\n\n - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs\n (git-fixes).\n\n - net: phy: micrel: make sure the factory test bit is\n cleared (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi\n (git-fixes).\n\n - net: seeq: Fix the function used to release some memory\n in an error handling path (git-fixes).\n\n - net: sh_eth: fix a missing check of of_get_phy_mode\n (git-fixes).\n\n - net: sonic: replace dev_kfree_skb in sonic_send_packet\n (git-fixes).\n\n - net: sonic: return NETDEV_TX_OK if failed to map buffer\n (git-fixes).\n\n - net: stmmac: Fix reception of Broadcom switches tags\n (git-fixes).\n\n - net: stmmac: dwmac-meson8b: Fix signedness bug in probe\n (git-fixes).\n\n - net: stmmac: fix csr_clk can't be zero issue\n (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string\n (git-fixes).\n\n - net: stmmac: gmac4+: Not all Unicast addresses may be\n available (git-fixes).\n\n - net: usb: sr9800: fix uninitialized local variable\n (git-fixes).\n\n - net:ethernet:aquantia: Extra spinlocks removed\n (git-fixes).\n\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n\n - nfc: s3fwrn5: add missing release on skb in\n s3fwrn5_recv_frame (git-fixes).\n\n - ocfs2: fix unbalanced locking (bsc#1180506).\n\n - ocfs2: initialize ip_next_orphan (bsc#1179724).\n\n - orinoco: Move context allocation after processing the\n skb (git-fixes).\n\n - pNFS/flexfiles: Fix list corruption if the mirror count\n changes (git-fixes).\n\n - parport: load lowlevel driver if ports not found\n (git-fixes).\n\n - phy: Revert toggling reset changes (git-fixes).\n\n - pinctrl: amd: fix __iomem annotation in\n amd_gpio_irq_handler() (git-fixes).\n\n - pinctrl: amd: fix npins for uart0 in kerncz_groups\n (git-fixes).\n\n - pinctrl: amd: remove debounce filter setting in IRQ type\n setting (git-fixes).\n\n - pinctrl: baytrail: Avoid clearing debounce value when\n turning it off (git-fixes).\n\n - pinctrl: falcon: add missing put_device() call in\n pinctrl_falcon_probe() (git-fixes).\n\n - pinctrl: merrifield: Set default bias in case no\n particular value given (git-fixes).\n\n - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B\n (git-fixes).\n\n - platform/x86: acer-wmi: add automatic keyboard\n background light toggle key as KEY_LIGHTS_TOGGLE\n (git-fixes).\n\n - platform/x86: dell-smbios-base: Fix error return code in\n dell_smbios_init (git-fixes).\n\n - platform/x86: mlx-platform: Fix item counter assignment\n for MSN2700, MSN24xx systems (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from\n MSN274x platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: Remove PSU EEPROM from\n default platform configuration (git-fixes).\n\n - platform/x86: mlx-platform: remove an unused variable\n (git-fixes).\n\n - power: supply: bq24190_charger: fix reference leak\n (git-fixes).\n\n - power: supply: bq27xxx_battery: Silence deferred-probe\n error (git-fixes).\n\n - powerpc/64: Set up a kernel stack for secondaries before\n cpu_restore() (bsc#1065729).\n\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for\n guest kernels (bsc#1179888 ltc#190253).\n\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction\n generation (bsc#1055117 ltc#159753 git-fixes bsc#1179888\n ltc#190253).\n\n - powerpc/pci: Fix broken INTx configuration via OF\n (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove LSI mappings on device teardown\n (bsc#1172145 ltc#184630).\n\n - powerpc/pci: Remove legacy debug code (bsc#1172145\n ltc#184630 git-fixes).\n\n - powerpc/pci: Use of_irq_parse_and_map_pci() helper\n (bsc#1172145 ltc#184630).\n\n - powerpc/perf: Add generic compat mode pmu driver\n (bsc#1178900 ltc#189284).\n\n - powerpc/perf: Fix crash with is_sier_available when pmu\n is not set (bsc#1179578 ltc#189313).\n\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB\n (bsc#1178900 ltc#189284 git-fixes).\n\n - powerpc/perf: init pmu from core-book3s (bsc#1178900\n ltc#189284).\n\n - powerpc/pseries/hibernation: remove redundant cacheinfo\n update (bsc#1138374 ltc#178199 git-fixes).\n\n - powerpc/pseries: Pass MSI affinity to\n irq_create_mapping() (bsc#1065729).\n\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695\n ltc#171067 git-fixes).\n\n - powerpc/xmon: Change printk() to pr_cont()\n (bsc#1065729).\n\n - powerpc: Convert to using %pOF instead of full_name\n (bsc#1172145 ltc#184630).\n\n - powerpc: Fix incorrect stw(, ux, u, x) instructions in\n __set_pte_at (bsc#1065729).\n\n - ppp: remove the PPPIOCDETACH ioctl (git-fixes).\n\n - pwm: lp3943: Dynamically allocate PWM chip base\n (git-fixes).\n\n - quota: clear padding in v2r1_mem2diskdqb()\n (bsc#1179714).\n\n - radeon: insert 10ms sleep in dce5_crtc_load_lut\n (git-fixes).\n\n - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).\n\n - regmap: Remove duplicate `type` field from regmap\n `regcache_sync` trace event (git-fixes).\n\n - regmap: debugfs: check count when read regmap file\n (git-fixes).\n\n - regmap: dev_get_regmap_match(): fix string comparison\n (git-fixes).\n\n - regulator: max8907: Fix the usage of uninitialized\n variable in max8907_regulator_probe() (git-fixes).\n\n - regulator: pfuze100-regulator: Variable 'val' in\n pfuze100_regulator_probe() could be uninitialized\n (git-fixes).\n\n - regulator: ti-abb: Fix timeout in\n ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).\n\n - reiserfs: Fix oops during mount (bsc#1179715).\n\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n\n - remoteproc: Fix wrong rvring index computation\n (git-fixes).\n\n - rfkill: Fix incorrect check to avoid NULL pointer\n dereference (git-fixes).\n\n - rpm/kernel-binary.spec.in: avoid using barewords\n (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: avoid using more barewords\n (bsc#1179014) \n\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep\n (bsc#1179045) \n\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe\n calls (bsc#1178401)\n\n - rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).\n\n - rtc: 88pm860x: fix possible race condition (git-fixes).\n\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n\n - rtl8xxxu: fix RTL8723BU connection failure issue after\n warm reboot (git-fixes).\n\n - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt()\n (git-fixes).\n\n - s390/bpf: Fix multiple tail calls (git-fixes).\n\n - s390/cpuinfo: show processor physical address\n (git-fixes).\n\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size\n (git-fixes).\n\n - s390/dasd: fix hanging device offline processing\n (bsc#1144912).\n\n - s390/dasd: fix NULL pointer dereference for ERP requests\n (git-fixes).\n\n - s390/pci: fix CPU address in MSI for directed IRQ\n (git-fixes).\n\n - s390/qeth: fix af_iucv notification race (git-fixes).\n\n - s390/qeth: fix tear down of async TX buffers\n (git-fixes).\n\n - s390/qeth: make af_iucv TX notification call more robust\n (git-fixes).\n\n - s390/stp: add locking to sysfs functions (git-fixes).\n\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).\n\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros:\n section\n\n - scsi: Remove unneeded break statements (bsc#1164780).\n\n - scsi: core: Fix VPD LUN ID designator priorities\n (bsc#1178049, git-fixes).\n\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and\n SLI-4 handlers (bsc#1164780).\n\n - scsi: lpfc: Convert SCSI path to use common I/O\n submission path (bsc#1164780).\n\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4\n handlers (bsc#1164780).\n\n - scsi: lpfc: Correct null ndlp reference on routine exit\n (bsc#1164780).\n\n - scsi: lpfc: Drop nodelist reference on error in\n lpfc_gen_req() (bsc#1164780).\n\n - scsi: lpfc: Enable common send_io interface for SCSI and\n NVMe (bsc#1164780).\n\n - scsi: lpfc: Enable common wqe_template support for both\n SCSI and NVMe (bsc#1164780).\n\n - scsi: lpfc: Enlarge max_sectors in scsi host templates\n (bsc#1164780).\n\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor\n for additional events (bsc#1164780).\n\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in\n pt2pt discovery (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV Fabric Node reference counting\n (bsc#1164780).\n\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection\n (bsc#1164780).\n\n - scsi: lpfc: Fix duplicate wq_create_version check\n (bsc#1164780).\n\n - scsi: lpfc: Fix fall-through warnings for Clang\n (bsc#1164780).\n\n - scsi: lpfc: Fix invalid sleeping context in\n lpfc_sli4_nvmet_alloc() (bsc#1164780).\n\n - scsi: lpfc: Fix memory leak on lcb_context\n (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype for\n lpfc_nvmet_prep_abort_wqe() (bsc#1164780).\n\n - scsi: lpfc: Fix missing prototype warning for\n lpfc_fdmi_vendor_attr_mi() (bsc#1164780).\n\n - scsi: lpfc: Fix pointer defereference before it is null\n checked issue (bsc#1164780).\n\n - scsi: lpfc: Fix refcounting around SCSI and NVMe\n transport APIs (bsc#1164780).\n\n - scsi: lpfc: Fix removal of SCSI transport device get and\n put on dev structure (bsc#1164780).\n\n - scsi: lpfc: Fix scheduling call while in softirq context\n in lpfc_unreg_rpi (bsc#1164780).\n\n - scsi: lpfc: Fix set but not used warnings from Rework\n remote port lock handling (bsc#1164780).\n\n - scsi: lpfc: Fix set but unused variables in\n lpfc_dev_loss_tmo_handler() (bsc#1164780).\n\n - scsi: lpfc: Fix spelling mistake 'Cant' -> 'Can't'\n (bsc#1164780).\n\n - scsi: lpfc: Fix variable 'vport' set but not used in\n lpfc_sli4_abts_err_handler() (bsc#1164780).\n\n - scsi: lpfc: Refactor WQE structure definitions for\n common use (bsc#1164780).\n\n - scsi: lpfc: Reject CT request for MIB commands\n (bsc#1164780).\n\n - scsi: lpfc: Remove dead code on second !ndlp check\n (bsc#1164780).\n\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI\n ultimately fails (bsc#1164780).\n\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).\n\n - scsi: lpfc: Remove unneeded variable 'status' in\n lpfc_fcp_cpu_map_store() (bsc#1164780).\n\n - scsi: lpfc: Removed unused macros in lpfc_attr.c\n (bsc#1164780).\n\n - scsi: lpfc: Rework locations of ndlp reference taking\n (bsc#1164780).\n\n - scsi: lpfc: Rework remote port lock handling\n (bsc#1164780).\n\n - scsi: lpfc: Rework remote port ref counting and node\n freeing (bsc#1164780).\n\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect\n state while dropping it (bsc#1164780).\n\n - scsi: lpfc: Update changed file copyrights for 2020\n (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.4\n (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.5\n (bsc#1164780).\n\n - scsi: lpfc: Update lpfc version to 12.8.0.6\n (bsc#1164780).\n\n - scsi: lpfc: Use generic power management (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for\n redefined functions (bsc#1164780).\n\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc\n misdemeanours (bsc#1164780).\n\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function\n documentation issues (bsc#1164780).\n\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc\n issues (bsc#1164780).\n\n - scsi: qla2xxx: Change post del message from debug level\n to log level (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not check for fw_started while posting\n NVMe command (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538\n bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix FW initialization error on big endian\n machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix compilation issue in PPC systems\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix crash during driver load on big\n endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big\n endian machines (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix return of uninitialized value in rval\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Fix the call trace for flush workqueue\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Handle aborts correctly for port\n undergoing deletion (bsc#1172538 bsc#1179142\n bsc#1179810).\n\n - scsi: qla2xxx: Handle incorrect entry_type entries\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: If fcport is undergoing deletion complete\n I/O with retry (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg()\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Move sess cmd list/lock to driver\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from\n qla82xx-specific code (bsc#1172538 bsc#1179142\n bsc#1179810).\n\n - scsi: qla2xxx: Remove in_interrupt() from\n qla83xx-specific code (bsc#1172538 bsc#1179142\n bsc#1179810).\n\n - scsi: qla2xxx: Remove trailing semicolon in macro\n definition (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Return EBUSY on fcport deletion\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Tear down session if FW say it is down\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Update version to 10.02.00.104-k\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: Use constant when it is known\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: qla2xxx: remove incorrect sparse #ifdef\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - scsi: storvsc: Fix error return in storvsc_probe()\n (git-fixes).\n\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt())\n (bsc#1172538 bsc#1179142 bsc#1179810).\n\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1\n access (git-fixes).\n\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n\n - serial: amba-pl011: Make sure we initialize the\n port.lock spinlock (git-fixes).\n\n - serial: ar933x_uart: set UART_CS_(RX,TX)_READY_ORIDE\n (git-fixes).\n\n - serial: txx9: add missing platform_driver_unregister()\n on error in serial_txx9_init (git-fixes).\n\n - serial_core: Check for port state when tty is in error\n state (git-fixes).\n\n - soc/tegra: fuse: Fix index bug in get_process_id\n (git-fixes).\n\n - soc: imx: gpc: fix power up sequencing (git-fixes).\n\n - soc: mediatek: Check if power domains can be powered on\n at boot time (git-fixes).\n\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs\n (git-fixes).\n\n - soc: ti: Fix reference imbalance in knav_dma_probe\n (git-fixes).\n\n - soc: ti: knav_qmss: fix reference leak in\n knav_queue_probe (git-fixes).\n\n - spi: Add call to spi_slave_abort() function when spidev\n driver is released (git-fixes).\n\n - spi: Fix memory leak on splited transfers (git-fixes).\n\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare()\n on error in bcm63xx_hsspi_resume (git-fixes).\n\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n\n - spi: dw: Enable interrupts in accordance with DMA xfer\n mode (git-fixes).\n\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n\n - spi: dw: Return any value retrieved from the\n dma_transfer callback (git-fixes).\n\n - spi: img-spfi: fix potential double release (git-fixes).\n\n - spi: img-spfi: fix reference leak in img_spfi_resume\n (git-fixes).\n\n - spi: pic32: Do not leak DMA channels in probe error path\n (git-fixes).\n\n - spi: pxa2xx: Add missed security checks (git-fixes).\n\n - spi: spi-cavium-thunderx: Add missing\n pci_release_regions() (git-fixes).\n\n - spi: spi-loopback-test: Fix out-of-bounds read\n (git-fixes).\n\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning\n (git-fixes).\n\n - spi: spi-mem: fix reference leak in spi_mem_access_start\n (git-fixes).\n\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup\n (git-fixes).\n\n - spi: spidev: fix a potential use-after-free in\n spidev_release() (git-fixes).\n\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in\n probe error path (git-fixes).\n\n - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).\n\n - spi: tegra114: fix reference leak in tegra spi ops\n (git-fixes).\n\n - spi: tegra20-sflash: fix reference leak in\n tegra_sflash_resume (git-fixes).\n\n - spi: tegra20-slink: add missed clk_unprepare\n (git-fixes).\n\n - spi: tegra20-slink: fix reference leak in slink ops of\n tegra20 (git-fixes).\n\n - splice: only read in as much information as there is\n pipe buffer space (bsc#1179520).\n\n - staging: comedi: check validity of wMaxPacketSize of usb\n endpoints found (git-fixes).\n\n - staging: comedi: gsc_hpdi: check dma_alloc_coherent()\n return value (git-fixes).\n\n - staging: comedi: mf6x4: Fix AI end-of-conversion\n detection (git-fixes).\n\n - staging: olpc_dcon: Do not call\n platform_device_unregister() in dcon_probe()\n (git-fixes).\n\n - staging: olpc_dcon: add a missing dependency\n (git-fixes).\n\n - staging: rtl8188eu: Add device code for TP-Link\n TL-WN727N v5.21 (git-fixes).\n\n - staging: rtl8188eu: Add device id for MERCUSYS MW150US\n v2 (git-fixes).\n\n - staging: rtl8188eu: fix possible null dereference\n (git-fixes).\n\n - staging: rtl8192u: fix multiple memory leaks on error\n path (git-fixes).\n\n - staging: vt6656: set usb_set_intfdata on driver fail\n (git-fixes).\n\n - staging: wlan-ng: fix out of bounds read in\n prism2sta_probe_usb() (git-fixes).\n\n - staging: wlan-ng: properly check endpoint types\n (git-fixes).\n\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate()\n (git-fixes).\n\n - thunderbolt: Use 32-bit writes when writing ring\n producer/consumer (git-fixes).\n\n - timer: Fix wheel index calculation on last level (git\n fixes)\n\n - timer: Prevent base->clk from moving backward\n (git-fixes)\n\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n\n - tty: always relink the port (git-fixes).\n\n - tty: link tty and port before configuring it as console\n (git-fixes).\n\n - tty: synclink_gt: Adjust indentation in several\n functions (git-fixes).\n\n - tty: synclinkmp: Adjust indentation in several functions\n (git-fixes).\n\n - tty:serial:mvebu-uart:fix a wrong return (git-fixes).\n\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define\n (git-fixes).\n\n - uapi/if_ether.h: prevent redefinition of struct ethhdr\n (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: Pass\n DISABLE_DEVICE_STREAMING flag to imx6ul (git-fixes).\n\n - usb: chipidea: ci_hdrc_imx: add missing put_device()\n call in usbmisc_get_init_data() (git-fixes).\n\n - usb: dwc2: Fix IN FIFO allocation (git-fixes).\n\n - usb: dwc3: remove the call trace of USBx_GFLADJ\n (git-fixes).\n\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access\n completion (git-fixes).\n\n - usb: ehci-omap: Fix PM disable depth umbalance in\n ehci_hcd_omap_probe (git-fixes).\n\n - usb: fsl: Check memory resource before releasing it\n (git-fixes).\n\n - usb: gadget: composite: Fix possible double free memory\n bug (git-fixes).\n\n - usb: gadget: configfs: Fix missing spin_lock_init()\n (git-fixes).\n\n - usb: gadget: configfs: Preserve function ordering after\n bind failure (git-fixes).\n\n - usb: gadget: configfs: fix concurrent issue between\n composite APIs (git-fixes).\n\n - usb: gadget: f_fs: Use local copy of descriptors for\n userspace copy (git-fixes).\n\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n\n - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ\n flags (git-fixes).\n\n - usb: gadget: fix wrong endpoint desc (git-fixes).\n\n - usb: gadget: goku_udc: fix potential crashes in probe\n (git-fixes).\n\n - usb: gadget: net2280: fix memory leak on probe error\n handling paths (git-fixes).\n\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n\n - usb: gadget: serial: fix Tx stall after buffer overflow\n (git-fixes).\n\n - usb: gadget: udc: fix possible sleep-in-atomic-context\n bugs in gr_probe() (git-fixes).\n\n - usb: gadget: udc: gr_udc: fix memleak on error handling\n path in gr_ep_init() (git-fixes).\n\n - usb: hso: Fix debug compile warning on sparc32\n (git-fixes).\n\n - usb: musb: omap2430: Get rid of musb .set_vbus for\n omap2430 glue (git-fixes).\n\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create\n (git-fixes).\n\n - usb: usbfs: Suppress problematic bind and unbind uevents\n (git-fixes).\n\n - usblp: poison URBs upon disconnect (git-fixes).\n\n - usbnet: ipheth: fix connectivity with iOS 14\n (git-fixes).\n\n - video: fbdev: neofb: fix memory leak in\n neo_scan_monitor() (git-fixes).\n\n - vt: Reject zero-sized screen buffer size (git-fixes).\n\n - vt: do not hardcode the mem allocation upper bound\n (git-fixes).\n\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n\n - watchdog: coh901327: add COMMON_CLK dependency\n (git-fixes).\n\n - watchdog: da9062: No need to ping manually before\n setting timeout (git-fixes).\n\n - watchdog: da9062: do not ping the hw during stop()\n (git-fixes).\n\n - watchdog: qcom: Avoid context switch in restart handler\n (git-fixes).\n\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM\n (git-fixes).\n\n - wil6210: select CONFIG_CRC32 (git-fixes).\n\n - wimax: fix duplicate initializer warning (git-fixes).\n\n - wireless: Use linux/stddef.h instead of stddef.h\n (git-fixes).\n\n - wireless: Use offsetof instead of custom macro\n (git-fixes).\n\n - x86/apic: Fix integer overflow on 10 bit left shift of\n cpu_khz (bsc#1112178).\n\n - x86/i8259: Use printk_deferred() to prevent deadlock\n (bsc#1112178).\n\n - x86/insn-eval: Use new for_each_insn_prefix() macro to\n loop over prefixes bytes (bsc#1112178).\n\n - x86/mm/ident_map: Check for errors from ident_pud_init()\n (bsc#1112178).\n\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP\n (bsc#1112178).\n\n - x86/mm/numa: Remove uninitialized_var() usage\n (bsc#1112178).\n\n - x86/mm: Fix leak of pmd ptlock (bsc#1112178).\n\n - x86/mtrr: Correct the range check before performing MTRR\n type lookups (bsc#1112178).\n\n - x86/resctrl: Add necessary kernfs_put() calls to prevent\n refcount leak (bsc#1112178).\n\n - x86/resctrl: Do not move a task to the same resource\n group (bsc#1112178).\n\n - x86/resctrl: Fix incorrect local bandwidth when mba_sc\n is enabled (bsc#1112178).\n\n - x86/resctrl: Remove superfluous kernfs_get() calls to\n prevent refcount leak (bsc#1112178).\n\n - x86/resctrl: Remove unused struct mbm_state::chunks_bw\n (bsc#1112178).\n\n - x86/resctrl: Use an IPI instead of task_work_add() to\n update PQR_ASSOC MSR (bsc#1112178).\n\n - x86/speculation: Fix prctl() when\n spectre_v2_user=(seccomp,prctl),ibpb (bsc#1112178).\n\n - x86/tracing: Introduce a static key for exception\n tracing (bsc#1179895).\n\n - x86/traps: Simplify pagefault tracing logic\n (bsc#1179895).\n\n - x86/uprobes: Do not use prefixes.nbytes when looping\n over prefixes.bytes (bsc#1112178).\n\n - xhci: Give USB2 ports time to enter U3 in bus suspend\n (git-fixes).\n\n - xprtrdma: fix incorrect header size calculations\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1040855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1044767\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1055117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1109695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1112178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1115431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1138374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1164780\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1171078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172694\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174784\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176956\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178049\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179520\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179578\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179670\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179673\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179711\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179713\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179714\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179722\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179723\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179724\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179888\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179963\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180258\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180506\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected the Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-36158\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-vanilla-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-base-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-debugsource-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-debug-devel-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-base-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-debugsource-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-default-devel-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-devel-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-docs-html-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-debugsource-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-macros-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-build-debugsource-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-obs-qa-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-source-vanilla-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-syms-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-debugsource-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-4.12.14-lp151.28.91.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.91.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-base / kernel-debug-base-debuginfo / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-23T15:14:59", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc.Security Fix(es):An issue was discovered in\n __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.(CVE-2020-29368)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)kernel:use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c(CVE-2020-25669)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)kernel: powerpc: RTAS calls can be used to compromise kernel integrity(CVE-2020-27777)There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x. Guest OS users can cause a denial of service (host OS hang) via a high rate of events to dom0, aka CID-e99502f76271.(CVE-2020-27673)An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel removal during the event-handling loop (a race condition). This can cause a use-after-free or NULL pointer dereference, as demonstrated by a dom0 crash via events for an in-reconfiguration paravirtualized device, aka CID-073d0552ead5.(CVE-2020-27675)A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-8694)kernel: race condition in fg_console can lead to use-after-free in con_font_op(CVE-2020-25668)A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allows to quickly scan open UDP ports.\n This flaw allows an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions before 5.10 may be vulnerable to this issue.(CVE-2020-25705)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095.\n This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2514)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-0431", "CVE-2020-10690", "CVE-2020-25656", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-25705", "CVE-2020-27673", "CVE-2020-27675", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29368", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-4788", "CVE-2020-8694"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:bpftool", "p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-source", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2514.NASL", "href": "https://www.tenable.com/plugins/nessus/144168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144168);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-0431\",\n \"CVE-2020-4788\",\n \"CVE-2020-8694\",\n \"CVE-2020-10690\",\n \"CVE-2020-25656\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-25705\",\n \"CVE-2020-27673\",\n \"CVE-2020-27675\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29368\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-2514)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc.Security Fix(es):An issue was discovered in\n __split_huge_pmd in mm/huge_memory.c in the Linux\n kernel before 5.7.5. The copy-on-write implementation\n can grant unintended write access because of a race\n condition in a THP mapcount check, aka\n CID-c444eb564fb1.(CVE-2020-29368)An issue was\n discovered in kmem_cache_alloc_bulk in mm/slub.c in the\n Linux kernel before 5.5.11. The slowpath lacks the\n required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was\n discovered in romfs_dev_read in fs/romfs/storage.c in\n the Linux kernel before 5.8.4. Uninitialized memory\n leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)An issue was\n discovered in the Linux kernel before 5.2.6. On NUMA\n systems, the Linux fair scheduler has a use-after-free\n in show_numa_stats() because NUMA fault statistics are\n inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)kernel:use-after-free\n read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)A buffer\n over-read (at the framebuffer layer) in the fbcon code\n in the Linux kernel before 5.8.15 could be used by\n local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)IBM Power9 (AIX 7.1,\n 7.2, and VIOS 3.1) processors could allow a local user\n to obtain sensitive information from the data in the L1\n cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)kernel: powerpc: RTAS calls can\n be used to compromise kernel\n integrity(CVE-2020-27777)There is a use-after-free in\n kernel versions before 5.5 due to a race condition\n between the release of ptp_clock and cdev while\n resource deallocation. When a (high privileged) process\n allocates a ptp device file (like /dev/ptpX) and\n voluntarily goes to sleep. During this time if the\n underlying device is removed, it can cause an\n exploitable condition as the process wakes up to\n terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)An issue was discovered in the\n Linux kernel through 5.9.1, as used with Xen through\n 4.14.x. Guest OS users can cause a denial of service\n (host OS hang) via a high rate of events to dom0, aka\n CID-e99502f76271.(CVE-2020-27673)An issue was\n discovered in the Linux kernel through 5.9.1, as used\n with Xen through 4.14.x.\n drivers/xen/events/events_base.c allows event-channel\n removal during the event-handling loop (a race\n condition). This can cause a use-after-free or NULL\n pointer dereference, as demonstrated by a dom0 crash\n via events for an in-reconfiguration paravirtualized\n device, aka CID-073d0552ead5.(CVE-2020-27675)A flaw\n memory leak in the Linux kernel performance monitoring\n subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)Insufficient access control in\n the Linux kernel driver for some Intel(R) Processors\n may allow an authenticated user to potentially enable\n information disclosure via local\n access.(CVE-2020-8694)kernel: race condition in\n fg_console can lead to use-after-free in\n con_font_op(CVE-2020-25668)A flaw in the way reply ICMP\n packets are limited in the Linux kernel functionality\n was found that allows to quickly scan open UDP ports.\n This flaw allows an off-path remote user to effectively\n bypassing source port UDP randomization. The highest\n threat from this vulnerability is to confidentiality\n and possibly integrity, because software that relies on\n UDP source port randomization are indirectly affected\n as well. Kernel versions before 5.10 may be vulnerable\n to this issue.(CVE-2020-25705)A slab-out-of-bounds read\n in fbcon in the Linux kernel before 5.9.7 could be used\n by local attackers to read privileged information or\n potentially crash the kernel, aka CID-3c4e0dff2095.\n This occurs because KD_FONT_OP_COPY in\n drivers/tty/vt/vt.c can be used for manipulations such\n as font height.(CVE-2020-28974)A flaw was found in the\n Linux kernel. A use-after-free was found in the way the\n console subsystem was using ioctls KDGKBSENT and\n KDSKBSENT. A local user could use this flaw to get read\n memory access out of bounds. The highest threat from\n this vulnerability is to data\n confidentiality.(CVE-2020-25656)In kbd_keycode of\n keyboard.c, there is a possible out of bounds write due\n to a missing bounds check. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2514\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bc260590\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27777\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-25669\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"bpftool-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-source-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"perf-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"python-perf-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\",\n \"python3-perf-4.19.36-vhulk1907.1.0.h906.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:54:48", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-9456", "CVE-2020-0305", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25656", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158"], "modified": "2021-02-24T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debug", "p-cpe:/a:huawei:euleros:kernel-debug-devel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1311.NASL", "href": "https://www.tenable.com/plugins/nessus/146701", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146701);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/24\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-9456\",\n \"CVE-2020-0305\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14351\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25656\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2021-1311)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - A flaw was found in the Linux kernel. A use-after-free\n was found in the way the console subsystem was using\n ioctls KDGKBSENT and KDSKBSENT. A local user could use\n this flaw to get read memory access out of bounds. The\n highest threat from this vulnerability is to data\n confidentiality.(CVE-2020-25656)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - A pivot_root race condition in fs/namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1311\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a5285fd5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-3.10.0-327.62.59.83.h255\",\n \"kernel-debug-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-3.10.0-327.62.59.83.h255\",\n \"kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h255\",\n \"kernel-devel-3.10.0-327.62.59.83.h255\",\n \"kernel-headers-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-3.10.0-327.62.59.83.h255\",\n \"kernel-tools-libs-3.10.0-327.62.59.83.h255\",\n \"perf-3.10.0-327.62.59.83.h255\",\n \"python-perf-3.10.0-327.62.59.83.h255\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-13T15:09:22", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.(CVE-2020-0543)\n\n - An infinite loop issue was found in the vhost_net kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handle_rx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.(CVE-2019-3900)\n\n - In pppol2tp_connect, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-38159931.(CVE-2018-9517)\n\n - A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism.\n But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has 'TSX' enabled. Confidentiality of data is the highest threat associated with this vulnerability.(CVE-2019-19338)\n\n - There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)\n\n - Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.(CVE-2020-12351)\n\n - A flaw was found in the Linux kernels implementation of MIDI, where an attacker with a local account and the permissions to issue an ioctl commands to midi devices, could trigger a use-after-free. A write to this specific memory while freed and before use could cause the flow of execution to change and possibly allow for memory corruption or privilege escalation.(CVE-2020-27786)\n\n - use-after-free read in sunkbd_reinit in drivers/input/keyboard/sunkbd.c(CVE-2020-25669)\n\n - A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)\n\n - A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-9517", "CVE-2019-11135", "CVE-2019-19338", "CVE-2019-20934", "CVE-2019-3900", "CVE-2020-0543", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-14305", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25669", "CVE-2020-25704", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1684.NASL", "href": "https://www.tenable.com/plugins/nessus/148041", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148041);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2018-9517\",\n \"CVE-2019-3900\",\n \"CVE-2019-19338\",\n \"CVE-2019-20934\",\n \"CVE-2020-0543\",\n \"CVE-2020-4788\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-14305\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25669\",\n \"CVE-2020-25704\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2021-1684)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c in the\n Linux kernel through 5.10.4 might allow remote\n attackers to execute arbitrary code via a long SSID\n value, aka CID-5c455c5ab332.(CVE-2020-36158)\n\n - Incomplete cleanup from specific special register read\n operations in some Intel(R) Processors may allow an\n authenticated user to potentially enable information\n disclosure via local access.(CVE-2020-0543)\n\n - An infinite loop issue was found in the vhost_net\n kernel module in Linux Kernel up to and including\n v5.1-rc6, while handling incoming packets in\n handle_rx(). It could occur if one end sends packets\n faster than the other end can process them. A guest\n user, maybe remote one, could use this flaw to stall\n the vhost_net kernel thread, resulting in a DoS\n scenario.(CVE-2019-3900)\n\n - In pppol2tp_connect, there is possible memory\n corruption due to a use after free. This could lead to\n local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation. Product: Android. Versions: Android\n kernel. Android ID: A-38159931.(CVE-2018-9517)\n\n - A flaw was found in the fix for CVE-2019-11135, in the\n Linux upstream kernel versions before 5.5 where, the\n way Intel CPUs handle speculative execution of\n instructions when a TSX Asynchronous Abort (TAA) error\n occurs. When a guest is running on a host CPU affected\n by the TAA flaw (TAA_NO=0), but is not affected by the\n MDS issue (MDS_NO=1), the guest was to clear the\n affected buffers by using a VERW instruction mechanism.\n But when the MDS_NO=1 bit was exported to the guests,\n the guests did not use the VERW mechanism to clear the\n affected buffers. This issue affects guests running on\n Cascade Lake CPUs and requires that host has 'TSX'\n enabled. Confidentiality of data is the highest threat\n associated with this vulnerability.(CVE-2019-19338)\n\n - There is a use-after-free in kernel versions before 5.5\n due to a race condition between the release of\n ptp_clock and cdev while resource deallocation. When a\n (high privileged) process allocates a ptp device file\n (like /dev/ptpX) and voluntarily goes to sleep. During\n this time if the underlying device is removed, it can\n cause an exploitable condition as the process wakes up\n to terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)\n\n - Improper input validation in BlueZ may allow an\n unauthenticated user to potentially enable escalation\n of privilege via adjacent access.(CVE-2020-12351)\n\n - A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the\n permissions to issue an ioctl commands to midi devices,\n could trigger a use-after-free. A write to this\n specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for\n memory corruption or privilege\n escalation.(CVE-2020-27786)\n\n - use-after-free read in sunkbd_reinit in\n drivers/input/keyboard/sunkbd.c(CVE-2020-25669)\n\n - A flaw was found in the way RTAS handled memory\n accesses in userspace to kernel communication. On a\n locked down (usually due to Secure Boot) guest system\n running on top of PowerVM or KVM hypervisors (pseries\n platform) a root like local user could use this flaw to\n further increase their privileges to that of a running\n kernel.(CVE-2020-27777)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors\n could allow a local user to obtain sensitive\n information from the data in the L1 cache under\n extenuating circumstances. IBM X-Force ID:\n 189296.(CVE-2020-4788)\n\n - A flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1684\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0a74b185\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-14305\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-12351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-devel-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-headers-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-tools-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"kernel-tools-libs-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"perf-3.10.0-862.14.1.5.h520.eulerosv2r7\",\n \"python-perf-3.10.0-862.14.1.5.h520.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-05-13T14:59:44", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers in mm/hugetlb.c (bnc#1176485).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation (bnc#1105322).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-10902", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25285", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0452-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146511", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0452-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146511);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2018-10902\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25285\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0452-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25285: Fixed a race condition between hugetlb sysctl handlers\nin mm/hugetlb.c (bnc#1176485).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2018-10902: It was found that the raw midi kernel driver did not\nprotect against concurrent access which leads to a double realloc\n(double free) in snd_rawmidi_input_params() and\nsnd_rawmidi_output_status() which are part of snd_rawmidi_ioctl()\nhandler in rawmidi.c file. A malicious local attacker could possibly\nuse this for privilege escalation (bnc#1105322).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1105323\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1139944\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181096\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=969755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2018-10902/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210452-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5c68770\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-452=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-452=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP3-2021-452=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-452=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-452=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2021-452=1\n\nSUSE Enterprise Storage 5 :\n\nzypper in -t patch SUSE-Storage-5-2021-452=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-452=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_138-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_138-default-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_138-default-debuginfo-1-4.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.138.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.138.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:00:17", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-25211: Fixed a flaw where a local attacker was able to inject conntrack netlink configuration that could cause a denial of service or trigger the use of incorrect protocol numbers in ctnetlink_parse_tuple_filter (bnc#1176395).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-25285: A race condition between hugetlb sysctl handlers in mm/hugetlb.c could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact (bnc#1176485 ).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service (bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused denial of service of Dom0 via high frequency events (XSA-332 bsc#1177411)\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which could eventually have allowed attackers to cause a denial of service (memory consumption) (bnc#1157298 ).\n\nCVE-2019-6133: Fixed an issue where the 'start time' protection mechanism could have been bypassed and therefore authorization decisions are improperly cached (bsc#1128172).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19063", "CVE-2019-20934", "CVE-2019-6133", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25285", "CVE-2020-25668", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27673", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-3347"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_149-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0437-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146476", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0437-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146476);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-6133\",\n \"CVE-2019-19063\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25285\",\n \"CVE-2020-25668\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27673\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0437-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-25211: Fixed a flaw where a local attacker was able to inject\nconntrack netlink configuration that could cause a denial of service\nor trigger the use of incorrect protocol numbers in\nctnetlink_parse_tuple_filter (bnc#1176395).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-25285: A race condition between hugetlb sysctl handlers in\nmm/hugetlb.c could be used by local attackers to corrupt memory, cause\na NULL pointer dereference, or possibly have unspecified other impact\n(bnc#1176485 ).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service (bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2020-25668: Fixed a use-after-free in con_font_op() (bsc#1178123).\n\nCVE-2020-27673: Fixed an issue where rogue guests could have caused\ndenial of service of Dom0 via high frequency events (XSA-332\nbsc#1177411)\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-19063: Fixed two memory leaks in the rtl_usb_probe() which\ncould eventually have allowed attackers to cause a denial of service\n(memory consumption) (bnc#1157298 ).\n\nCVE-2019-6133: Fixed an issue where the 'start time' protection\nmechanism could have been bypassed and therefore authorization\ndecisions are improperly cached (bsc#1128172).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1070943\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1121872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1157298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177411\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179204\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=969755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-19063/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-6133/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25285/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27673/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210437-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3d1eb94b\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-437=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-437=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-437=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2021-437=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2021-437=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_149-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_149-default-1-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.149.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.149.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:01:01", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could be triggered by local attackers (with access to the nbd device) via an I/O request (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace (bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25639", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0434-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146470", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0434-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146470);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25639\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0434-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket() that could\nbe triggered by local attackers (with access to the nbd device) via an\nI/O request (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl\n(bnc#1176846).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29371: Fixed uninitialized memory leaks to userspace\n(bsc#1179429).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1158775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163727\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1171979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176962\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178036\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3348/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210434-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9d81a27\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-434=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-434=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-434=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-434=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-434=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2021-434=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.68.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.68.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:01:02", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes during fault handling, allowing local users to execute code in the kernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in ctnetlink_parse_tuple_filter() which could be triggered by a local attackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was found, specifically in the way user calls Ioctl after open dev file and fork. A local user could use this flaw to crash the system (bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information leaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing watch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in audit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in hid-multitouch.c that could have led to local privilege escalation (bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in do_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have allowed a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-10781: A flaw was found in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device.\nWith this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable (bnc#1173074).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c which could have allowed local users to gain privileges or cause a denial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds check in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl (bnc#1176846).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time Abstraction Services (RTAS) interface, affecting guests running on top of PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI implementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls (bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem that may have allowed a read-after-free attack against TIOCGSID (bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that allowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could have been used by local attackers to read privileged information or potentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could have been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit() (bsc#1178182).\n\nCVE-2020-29371: An issue was discovered in romfs_dev_read in fs/romfs/storage.c where uninitialized memory leaks to userspace (bnc#1179429).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have allowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell mwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the Xirlink camera USB driver (bnc#1168952).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because NUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-20806: Fixed a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service (bnc#1172199).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20806", "CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-10781", "CVE-2020-11668", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25639", "CVE-2020-25669", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-27835", "CVE-2020-28374", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29371", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0438-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146474", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0438-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146474);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2019-20806\",\n \"CVE-2019-20934\",\n \"CVE-2020-0444\",\n \"CVE-2020-0465\",\n \"CVE-2020-0466\",\n \"CVE-2020-4788\",\n \"CVE-2020-10781\",\n \"CVE-2020-11668\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25639\",\n \"CVE-2020-25669\",\n \"CVE-2020-27068\",\n \"CVE-2020-27777\",\n \"CVE-2020-27786\",\n \"CVE-2020-27825\",\n \"CVE-2020-27835\",\n \"CVE-2020-28374\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29371\",\n \"CVE-2020-29568\",\n \"CVE-2020-29569\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\",\n \"CVE-2020-36158\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0438-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3348: Fixed a use-after-free in nbd_add_socket that could be\ntriggered by local attackers (with access to the nbd device) via an\nI/O request at a certain point during device setup (bnc#1181504).\n\nCVE-2021-3347: A use-after-free was discovered in the PI futexes\nduring fault handling, allowing local users to execute code in the\nkernel (bnc#1181349).\n\nCVE-2020-25211: Fixed a buffer overflow in\nctnetlink_parse_tuple_filter() which could be triggered by a local\nattackers by injecting conntrack netlink configuration (bnc#1176395).\n\nCVE-2020-27835: A use-after-free in the infiniband hfi1 driver was\nfound, specifically in the way user calls Ioctl after open dev file\nand fork. A local user could use this flaw to crash the system\n(bnc#1179878).\n\nCVE-2020-29569: Fixed a potential privilege escalation and information\nleaks related to the PV block backend, as used by Xen (bnc#1179509).\n\nCVE-2020-29568: Fixed a denial of service issue, related to processing\nwatch events (bnc#1179508).\n\nCVE-2020-0444: Fixed a bad kfree due to a logic error in\naudit_data_to_entry (bnc#1180027).\n\nCVE-2020-0465: Fixed multiple missing bounds checks in\nhid-multitouch.c that could have led to local privilege escalation\n(bnc#1180029).\n\nCVE-2020-0466: Fixed a use-after-free due to a logic error in\ndo_epoll_ctl and ep_loop_check_proc of eventpoll.c (bnc#1180031).\n\nCVE-2020-4788: Fixed an issue with IBM Power9 processors could have\nallowed a local user to obtain sensitive information from the data in\nthe L1 cache under extenuating circumstances (bsc#1177666).\n\nCVE-2020-10781: A flaw was found in the ZRAM kernel module, where a\nuser with a local account and the ability to read the\n/sys/class/zram-control/hot_add file can create ZRAM device nodes in\nthe /dev/ directory. This read allocates kernel memory and is not\naccounted for a user that triggers the creation of that ZRAM device.\nWith this vulnerability, continually reading the device may consume a\nlarge amount of system memory and cause the Out-of-Memory (OOM) killer\nto activate and terminate random userspace processes, possibly making\nthe system inoperable (bnc#1173074).\n\nCVE-2020-15436: Fixed a use after free vulnerability in fs/block_dev.c\nwhich could have allowed local users to gain privileges or cause a\ndenial of service (bsc#1179141).\n\nCVE-2020-27068: Fixed an out-of-bounds read due to a missing bounds\ncheck in the nl80211_policy policy of nl80211.c (bnc#1180086).\n\nCVE-2020-25639: Fixed a NULL pointer dereference via nouveau ioctl\n(bnc#1176846).\n\nCVE-2020-27777: Fixed a privilege escalation in the Run-Time\nAbstraction Services (RTAS) interface, affecting guests running on top\nof PowerVM or KVM hypervisors (bnc#1179107).\n\nCVE-2020-27786: Fixed an out-of-bounds write in the MIDI\nimplementation (bnc#1179601).\n\nCVE-2020-27825: Fixed a race in the trace_open and buffer resize calls\n(bsc#1179960).\n\nCVE-2020-29660: Fixed a locking inconsistency in the tty subsystem\nthat may have allowed a read-after-free attack against TIOCGSID\n(bnc#1179745).\n\nCVE-2020-29661: Fixed a locking issue in the tty subsystem that\nallowed a use-after-free attack against TIOCSPGRP (bsc#1179745).\n\nCVE-2020-28974: Fixed a slab-out-of-bounds read in fbcon which could\nhave been used by local attackers to read privileged information or\npotentially crash the kernel (bsc#1178589).\n\nCVE-2020-28915: Fixed a buffer over-read in the fbcon code which could\nhave been used by local attackers to read kernel memory (bsc#1178886).\n\nCVE-2020-28374: Fixed a Linux SCSI target issue (bsc#1178372).\n\nCVE-2020-25669: Fixed a use-after-free read in sunkbd_reinit()\n(bsc#1178182).\n\nCVE-2020-29371: An issue was discovered in romfs_dev_read in\nfs/romfs/storage.c where uninitialized memory leaks to userspace\n(bnc#1179429).\n\nCVE-2020-15437: Fixed a NULL pointer dereference which could have\nallowed local users to cause a denial of service(bsc#1179140).\n\nCVE-2020-36158: Fixed a potential remote code execution in the Marvell\nmwifiex driver (bsc#1180559).\n\nCVE-2020-11668: Fixed the mishandling of invalid descriptors in the\nXirlink camera USB driver (bnc#1168952).\n\nCVE-2019-20934: Fixed a use-after-free in show_numa_stats() because\nNUMA fault statistics were inappropriately freed (bsc#1179663).\n\nCVE-2019-20806: Fixed a NULL pointer dereference in\ntw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c,\nwhich may cause denial of service (bnc#1172199).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1144912\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1149032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163840\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168952\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172199\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173074\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173942\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178182\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178589\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178886\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179071\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179419\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179508\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179601\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179616\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179663\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179745\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179877\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179961\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180008\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180027\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180029\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180031\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180032\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180052\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180086\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180559\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180562\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181349\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20806/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2019-20934/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0444/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0465/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0466/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-10781/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-11668/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15436/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15437/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25211/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25639/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-25669/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27068/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27777/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27786/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27825/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27835/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28915/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-28974/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29371/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29568/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29569/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29661/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-36158/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-4788/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3347/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3348/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210438-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5f57dfef\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-438=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-438=1\n\nSUSE Linux Enterprise Module for Live Patching 15 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-438=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-438=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-438=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2021-438=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2020-29569\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-base-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-syms-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-4.12.14-150.66.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.66.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:51:11", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x in the Linux kernel's memory manager functionality, where it incorrectly writes to the /proc/sys/vm/cmm_timeout file. This flaw allows a local user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the Linux kernel's Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user 'root' with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller's I/O memory when processing can-gw manipulated outgoing frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to cause a denial of service (panic) by corrupting a mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/ netfilter/ nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/ nfs/ nfs4proc.c instead of fs/ nfs/ nfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-20934", "CVE-2019-3701", "CVE-2019-9456", "CVE-2019-9458", "CVE-2020-0305", "CVE-2020-0431", "CVE-2020-0433", "CVE-2020-10773", "CVE-2020-12114", "CVE-2020-12352", "CVE-2020-14305", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14386", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-25211", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29660", "CVE-2020-29661"], "modified": "2021-01-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-debuginfo", "p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:perf", "p-cpe:/a:huawei:euleros:python-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1079.NASL", "href": "https://www.tenable.com/plugins/nessus/145201", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145201);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/22\");\n\n script_cve_id(\n \"CVE-2019-20934\",\n \"CVE-2019-3701\",\n \"CVE-2019-9456\",\n \"CVE-2019-9458\",\n \"CVE-2020-0305\",\n \"CVE-2020-0431\",\n \"CVE-2020-0433\",\n \"CVE-2020-10773\",\n \"CVE-2020-12114\",\n \"CVE-2020-12352\",\n \"CVE-2020-14305\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14386\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-25211\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29660\",\n \"CVE-2020-29661\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-1079)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - A stack information leak flaw was found in s390/s390x\n in the Linux kernel's memory manager functionality,\n where it incorrectly writes to the\n /proc/sys/vm/cmm_timeout file. This flaw allows a local\n user to see the kernel data.(CVE-2020-10773)\n\n - In the Android kernel in the video driver there is a\n use after free due to a race condition. This could lead\n to local escalation of privilege with no additional\n execution privileges needed. User interaction is not\n needed for exploitation.(CVE-2019-9458)\n\n - An issue was discovered in the Linux kernel before\n 5.2.6. On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)\n\n - A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel through 5.9.13.\n drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may\n allow a read-after-free attack against TIOCGSID, aka\n CID-c8bcd9c5be24.(CVE-2020-29660)\n\n - An out-of-bounds memory write flaw was found in how the\n Linux kernel's Voice Over IP H.323 connection tracking\n functionality handled connections on ipv6 port 1720.\n This flaw allows an unauthenticated remote user to\n crash the system, causing a denial of service. The\n highest threat from this vulnerability is to\n confidentiality, integrity, as well as system\n availability.(CVE-2020-14305)\n\n - A locking issue was discovered in the tty subsystem of\n the Linux kernel through 5.9.13.\n drivers/tty/tty_jobctrl.c allows a use-after-free\n attack against TIOCSPGRP, aka\n CID-54ffccbf053b.(CVE-2020-29661)\n\n - An issue was discovered in romfs_dev_read in\n fs/romfs/storage.c in the Linux kernel before 5.8.4.\n Uninitialized memory leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)\n\n - Use-after-free vulnerability in fs/block_dev.c in the\n Linux kernel before 5.8 allows local users to gain\n privileges or cause a denial of service by leveraging\n improper access to a certain error\n field.(CVE-2020-15436)\n\n - The Linux kernel before version 5.8 is vulnerable to a\n NULL pointer dereference in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)\n\n - An issue was discovered in kmem_cache_alloc_bulk in\n mm/slub.c in the Linux kernel before 5.5.11. The\n slowpath lacks the required TID increment, aka\n CID-fd4d9c7d0c71.(CVE-2020-29370)\n\n - A flaw was found in the Linux kernel. A use-after-free\n memory flaw was found in the perf subsystem allowing a\n local attacker with permission to monitor perf events\n to corrupt memory and possibly escalate privileges. The\n highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-14351)\n\n - A buffer over-read (at the framebuffer layer) in the\n fbcon code in the Linux kernel before 5.8.15 could be\n used by local attackers to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)\n\n - A slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)\n\n - Improper access control in BlueZ may allow an\n unauthenticated user to potentially enable information\n disclosure via adjacent access.(CVE-2020-12352)\n\n - In cdev_get of char_dev.c, there is a possible\n use-after-free due to a race condition. This could lead\n to local escalation of privilege with System execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions:\n Android-10Android ID: A-153467744(CVE-2020-0305)\n\n - A flaw was found in the HDLC_PPP module of the Linux\n kernel in versions before 5.9-rc7. Memory corruption\n and a read overflow is caused by improper input\n validation in the ppp_cp_parse_cr function which can\n cause the system to crash or cause a denial of service.\n The highest threat from this vulnerability is to data\n confidentiality and integrity as well as system\n availability.(CVE-2020-25643)\n\n - An issue was discovered in can_can_gw_rcv in\n net/can/gw.c in the Linux kernel through 4.19.13. The\n CAN frame modification rules allow bitwise logical\n operations that can be also applied to the can_dlc\n field. The privileged user 'root' with CAP_NET_ADMIN\n can create a CAN frame modification rule that makes the\n data length code a higher value than the available CAN\n frame data size. In combination with a configured\n checksum calculation where the result is stored\n relatively to the end of the data (e.g.\n cgw_csum_xor_rel) the tail of the skb (e.g. frag_list\n pointer in skb_shared_info) can be rewritten which\n finally can cause a system crash. Because of a missing\n check, the CAN drivers may write arbitrary content\n beyond the data registers in the CAN controller's I/O\n memory when processing can-gw manipulated outgoing\n frames.(CVE-2019-3701)\n\n - In the Android kernel in Pixel C USB monitor driver\n there is a possible OOB write due to a missing bounds\n check. This could lead to local escalation of privilege\n with System execution privileges needed. User\n interaction is not needed for\n exploitation.(CVE-2019-9456)\n\n - A pivot_root race condition in fs/ namespace.c in the\n Linux kernel 4.4.x before 4.4.221, 4.9.x before\n 4.9.221, 4.14.x before 4.14.178, 4.19.x before\n 4.19.119, and 5.x before 5.3 allows local users to\n cause a denial of service (panic) by corrupting a\n mountpoint reference counter.(CVE-2020-12114)\n\n - A flaw was found in the Linux kernel in versions before\n 5.9-rc7. Traffic between two Geneve endpoints may be\n unencrypted when IPsec is configured to encrypt traffic\n for the specific UDP port used by the GENEVE tunnel\n allowing anyone between the two endpoints to read the\n traffic unencrypted. The main threat from this\n vulnerability is to data\n confidentiality.(CVE-2020-25645)\n\n - In kbd_keycode of keyboard.c, there is a possible out\n of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-144161459(CVE-2020-0431)\n\n - In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is\n a possible use after free due to improper locking. This\n could lead to local escalation of privilege with no\n additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-151939299(CVE-2020-0433)\n\n - In the Linux kernel through 5.8.7, local attackers able\n to inject conntrack netlink configuration could\n overflow a local buffer, causing crashes or triggering\n use of incorrect protocol numbers in\n ctnetlink_parse_tuple_filter in net/ netfilter/\n nf_conntrack_netlink.c, aka\n CID-1cc5ef91d2ff.(CVE-2020-25211)\n\n - A memory out-of-bounds read flaw was found in the Linux\n kernel before 5.9-rc2 with the ext3/ext4 file system,\n in the way it accesses a directory with broken\n indexing. This flaw allows a local user to crash the\n system if the directory exists. The highest threat from\n this vulnerability is to system\n availability.(CVE-2020-14314)\n\n - A TOCTOU mismatch in the NFS client code in the Linux\n kernel before 5.8.3 could be used by local attackers to\n corrupt memory or possibly have unspecified other\n impact because a size check is in fs/ nfs/ nfs4proc.c\n instead of fs/ nfs/ nfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)\n\n - The rbd block device driver in drivers/block/rbd.c in\n the Linux kernel through 5.8.9 used incomplete\n permission checking for access to rbd devices, which\n could be leveraged by local attackers to map or unmap\n rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)\n\n - A race condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)\n\n - A flaw was found in the Linux kernel before 5.9-rc4.\n Memory corruption can be exploited to gain root\n privileges from unprivileged processes. The highest\n threat from this vulnerability is to data\n confidentiality and integrity.(CVE-2020-14386)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1079\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83f9eb52\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-3.10.0-514.44.5.10.h296\",\n \"kernel-debuginfo-common-x86_64-3.10.0-514.44.5.10.h296\",\n \"kernel-devel-3.10.0-514.44.5.10.h296\",\n \"kernel-headers-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-3.10.0-514.44.5.10.h296\",\n \"kernel-tools-libs-3.10.0-514.44.5.10.h296\",\n \"perf-3.10.0-514.44.5.10.h296\",\n \"python-perf-3.10.0-514.44.5.10.h296\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}, {"lastseen": "2022-06-22T18:54:08", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:\n memory allocation, process allocation, device input and output, etc. Security Fix(es):In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked list corruption due to an unusual root cause. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A flaw was found in the Linux kernel in versions from 2.2.3 through 5.9.rc5. When changing screen size, an out-of-bounds memory write can occur leading to memory corruption or a denial of service. This highest threat from this vulnerability is to system availability.(CVE-2020-14390)A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs4proc.c instead of fsfs4xdr.c, aka CID-b4487b935452.(CVE-2020-25212)A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system availability.(CVE-2020-14385)In the Linux kernel before 5.7.8, fsfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not considered.(CVE-2020-24394)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys et/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.(CVE-2019-18805)Insufficient input validation in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable a denial of service via local access.(CVE-2019-0147)Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Controllers versions before 7.0 may allow an authenticated user to potentially enable an escalation of privilege via local access.(CVE-2020-0145)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A missing CAP_NET_RAW check in NFC socket creation in net fc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow is caused by improper input validation in the ppp_cp_parse_cr function which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-25643)The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, and Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows local users to bypass intended securelevel/secureboot restrictions by leveraging improper handling of secure_boot flag across kexec reboot.(CVE-2015-7837)A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability.(CVE-2020-25641)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality.(CVE-2020-25645)perf: Fix race in perf_mmap_close function.(CVE-2020-14351)An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending a specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality.(CVE-2020-12352)A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system causing denial of service or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.(CVE-2020-12351)A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in an adjacent range to crash the system, causing a denial of service or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-24490)** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.(CVE-2020-25656)In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-143560807(CVE-2020-0432)A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095. This occurs because KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for manipulations such as font height.(CVE-2020-28974)A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service.(CVE-2020-25704)A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.(CVE-2020-28915)There is a use-after-free problem seen due to a race condition between the release of ptp_clock and cdev while resource deallocation. When a (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. During this time if the underlying device is removed, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode.(CVE-2020-10690)A device tracking vulnerability was found in the flow_dissector feature in the Linux kernel. This flaw occurs because the auto flowlabel of the UDP IPv6 packet relies on a 32-bit hashmd value as a secret, and jhash (instead of siphash) is used. The hashmd value remains the same starting from boot time and can be inferred by an attacker.(CVE-2019-18282)Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.(CVE-2020-15436)The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized.(CVE-2020-15437)An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.(CVE-2019-20934)An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.(CVE-2020-29371)An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-01-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-7837", "CVE-2019-0145", "CVE-2019-0147", "CVE-2019-18282", "CVE-2019-18805", "CVE-2019-20934", "CVE-2020-0145", "CVE-2020-0404", "CVE-2020-0431", "CVE-2020-0432", "CVE-2020-10690", "CVE-2020-12351", "CVE-2020-12352", "CVE-2020-14314", "CVE-2020-14351", "CVE-2020-14385", "CVE-2020-14386", "CVE-2020-14390", "CVE-2020-15436", "CVE-2020-15437", "CVE-2020-24394", "CVE-2020-24490", "CVE-2020-25212", "CVE-2020-25284", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-25645", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-26088", "CVE-2020-27777", "CVE-2020-28915", "CVE-2020-28974", "CVE-2020-29370", "CVE-2020-29371", "CVE-2020-29374"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-devel", "p-cpe:/a:huawei:euleros:kernel-headers", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:kernel-tools-libs-devel", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-1039.NASL", "href": "https://www.tenable.com/plugins/nessus/144731", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(144731);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\n \"CVE-2015-7837\",\n \"CVE-2019-0145\",\n \"CVE-2019-0147\",\n \"CVE-2019-18282\",\n \"CVE-2019-18805\",\n \"CVE-2019-20934\",\n \"CVE-2020-0404\",\n \"CVE-2020-0431\",\n \"CVE-2020-0432\",\n \"CVE-2020-10690\",\n \"CVE-2020-12351\",\n \"CVE-2020-12352\",\n \"CVE-2020-14314\",\n \"CVE-2020-14351\",\n \"CVE-2020-14385\",\n \"CVE-2020-14386\",\n \"CVE-2020-14390\",\n \"CVE-2020-15436\",\n \"CVE-2020-15437\",\n \"CVE-2020-24394\",\n \"CVE-2020-24490\",\n \"CVE-2020-25212\",\n \"CVE-2020-25284\",\n \"CVE-2020-25285\",\n \"CVE-2020-25641\",\n \"CVE-2020-25643\",\n \"CVE-2020-25645\",\n \"CVE-2020-25656\",\n \"CVE-2020-25704\",\n \"CVE-2020-26088\",\n \"CVE-2020-27777\",\n \"CVE-2020-28915\",\n \"CVE-2020-28974\",\n \"CVE-2020-29370\",\n \"CVE-2020-29371\",\n \"CVE-2020-29374\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : kernel (EulerOS-SA-2021-1039)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - The kernel package contains the Linux kernel (vmlinuz),\n the core of any Linux operating system. The kernel\n handles the basic functions of the operating system:\n memory allocation, process allocation, device input and\n output, etc. Security Fix(es):In uvc_scan_chain_forward\n of uvc_driver.c, there is a possible linked list\n corruption due to an unusual root cause. This could\n lead to local escalation of privilege in the kernel\n with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product:\n AndroidVersions: Android kernelAndroid ID:\n A-111893654References: Upstream kernel.(CVE-2020-0404)A\n flaw was found in the Linux kernel in versions from\n 2.2.3 through 5.9.rc5. When changing screen size, an\n out-of-bounds memory write can occur leading to memory\n corruption or a denial of service. This highest threat\n from this vulnerability is to system\n availability.(CVE-2020-14390)A TOCTOU mismatch in the\n NFS client code in the Linux kernel before 5.8.3 could\n be used by local attackers to corrupt memory or\n possibly have unspecified other impact because a size\n check is in fs4proc.c instead of fsfs4xdr.c, aka\n CID-b4487b935452.(CVE-2020-25212)A flaw was found in\n the Linux kernel before 5.9-rc4. A failure of the file\n system metadata validator in XFS can cause an inode\n with a valid, user-creatable extended attribute to be\n flagged as corrupt. This can lead to the filesystem\n being shutdown, or otherwise rendered inaccessible\n until it is remounted, leading to a denial of service.\n The highest threat from this vulnerability is to system\n availability.(CVE-2020-14385)In the Linux kernel before\n 5.7.8, fsfsd/vfs.c (in the NFS server) can set\n incorrect permissions on new filesystem objects when\n the filesystem lacks ACL support, aka CID-22cf8419f131.\n This occurs because the current umask is not\n considered.(CVE-2020-24394)The rbd block device driver\n in drivers/block/rbd.c in the Linux kernel through\n 5.8.9 used incomplete permission checking for access to\n rbd devices, which could be leveraged by local\n attackers to map or unmap rbd block devices, aka\n CID-f44d04e696fe.(CVE-2020-25284)An issue was\n discovered in net/ipv4/sysctl_net_ipv4.c in the Linux\n kernel before 5.0.11. There is a net/ipv4/tcp_input.c\n signed integer overflow in tcp_ack_update_rtt() when\n userspace writes a very large integer to /proc/sys\n et/ipv4/tcp_min_rtt_wlen, leading to a denial of\n service or possibly unspecified other impact, aka\n CID-19fad20d15a6.(CVE-2019-18805)Insufficient input\n validation in i40e driver for Intel(R) Ethernet 700\n Series Controllers versions before 7.0 may allow an\n authenticated user to potentially enable a denial of\n service via local access.(CVE-2019-0147)Buffer overflow\n in i40e driver for Intel(R) Ethernet 700 Series\n Controllers versions before 7.0 may allow an\n authenticated user to potentially enable an escalation\n of privilege via local access.(CVE-2020-0145)A race\n condition between hugetlb sysctl handlers in\n mm/hugetlb.c in the Linux kernel before 5.8.8 could be\n used by local attackers to corrupt memory, cause a NULL\n pointer dereference, or possibly have unspecified other\n impact, aka CID-17743798d812.(CVE-2020-25285)A memory\n out-of-bounds read flaw was found in the Linux kernel\n before 5.9-rc2 with the ext3/ext4 file system, in the\n way it accesses a directory with broken indexing. This\n flaw allows a local user to crash the system if the\n directory exists. The highest threat from this\n vulnerability is to system\n availability.(CVE-2020-14314)A missing CAP_NET_RAW\n check in NFC socket creation in net fc/rawsock.c in the\n Linux kernel before 5.8.2 could be used by local\n attackers to create raw sockets, bypassing security\n mechanisms, aka CID-26896f01467a.(CVE-2020-26088)A flaw\n was found in the HDLC_PPP module of the Linux kernel in\n versions before 5.9-rc7. Memory corruption and a read\n overflow is caused by improper input validation in the\n ppp_cp_parse_cr function which can cause the system to\n crash or cause a denial of service. The highest threat\n from this vulnerability is to data confidentiality and\n integrity as well as system\n availability.(CVE-2020-25643)The Linux kernel, as used\n in Red Hat Enterprise Linux 7, kernel-rt, and\n Enterprise MRG 2 and when booted with UEFI Secure Boot\n enabled, allows local users to bypass intended\n securelevel/secureboot restrictions by leveraging\n improper handling of secure_boot flag across kexec\n reboot.(CVE-2015-7837)A flaw was found in the Linux\n kernel's implementation of biovecs in versions before\n 5.9-rc7. A zero-length biovec request issued by the\n block subsystem could cause the kernel to enter an\n infinite loop, causing a denial of service. This flaw\n allows a local attacker with basic privileges to issue\n requests to a block device, resulting in a denial of\n service. The highest threat from this vulnerability is\n to system availability.(CVE-2020-25641)A flaw was found\n in the Linux kernel before 5.9-rc4. Memory corruption\n can be exploited to gain root privileges from\n unprivileged processes. The highest threat from this\n vulnerability is to data confidentiality and\n integrity.(CVE-2020-14386)A flaw was found in the Linux\n kernel in versions before 5.9-rc7. Traffic between two\n Geneve endpoints may be unencrypted when IPsec is\n configured to encrypt traffic for the specific UDP port\n used by the GENEVE tunnel allowing anyone between the\n two endpoints to read the traffic unencrypted. The main\n threat from this vulnerability is to data\n confidentiality.(CVE-2020-25645)perf: Fix race in\n perf_mmap_close function.(CVE-2020-14351)An information\n leak flaw was found in the way the Linux kernel's\n Bluetooth stack implementation handled initialization\n of stack memory when handling certain AMP packets. A\n remote attacker in adjacent range could use this flaw\n to leak small portions of stack memory on the system by\n sending a specially crafted AMP packets. The highest\n threat from this vulnerability is to data\n confidentiality.(CVE-2020-12352)A flaw was found in the\n way the Linux kernel Bluetooth implementation handled\n L2CAP packets with A2MP CID. A remote attacker in\n adjacent range could use this flaw to crash the system\n causing denial of service or potentially execute\n arbitrary code on the system by sending a specially\n crafted L2CAP packet. The highest threat from this\n vulnerability is to data confidentiality and integrity\n as well as system availability.(CVE-2020-12351)A heap\n buffer overflow flaw was found in the way the Linux\n kernel's Bluetooth implementation processed extended\n advertising report events. This flaw allows a remote\n attacker in an adjacent range to crash the system,\n causing a denial of service or to potentially execute\n arbitrary code on the system by sending a specially\n crafted Bluetooth packet. The highest threat from this\n vulnerability is to confidentiality, integrity, as well\n as system availability.(CVE-2020-24490)** RESERVED **\n This candidate has been reserved by an organization or\n individual that will use it when announcing a new\n security problem. When the candidate has been\n publicized, the details for this candidate will be\n provided.(CVE-2020-25656)In skb_to_mamac of\n networking.c, there is a possible out of bounds write\n due to an integer overflow. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-143560807(CVE-2020-0432)A\n slab-out-of-bounds read in fbcon in the Linux kernel\n before 5.9.7 could be used by local attackers to read\n privileged information or potentially crash the kernel,\n aka CID-3c4e0dff2095. This occurs because\n KD_FONT_OP_COPY in drivers/tty/vt/vt.c can be used for\n manipulations such as font height.(CVE-2020-28974)A\n flaw memory leak in the Linux kernel performance\n monitoring subsystem was found in the way if using\n PERF_EVENT_IOC_SET_FILTER. A local user could use this\n flaw to starve the resources causing denial of\n service.(CVE-2020-25704)A buffer over-read (at the\n framebuffer layer) in the fbcon code in the Linux\n kernel before 5.8.15 could be used by local attackers\n to read kernel memory, aka\n CID-6735b4632def.(CVE-2020-28915)There is a\n use-after-free problem seen due to a race condition\n between the release of ptp_clock and cdev while\n resource deallocation. When a (high privileged) process\n allocates a ptp device file (like /dev/ptpX) and\n voluntarily goes to sleep. During this time if the\n underlying device is removed, it can cause an\n exploitable condition as the process wakes up to\n terminate and clean all attached files. The system\n crashes due to the cdev structure being invalid (as\n already freed) which is pointed to by the\n inode.(CVE-2020-10690)A device tracking vulnerability\n was found in the flow_dissector feature in the Linux\n kernel. This flaw occurs because the auto flowlabel of\n the UDP IPv6 packet relies on a 32-bit hashmd value as\n a secret, and jhash (instead of siphash) is used. The\n hashmd value remains the same starting from boot time\n and can be inferred by an\n attacker.(CVE-2019-18282)Use-after-free vulnerability\n in fs/block_dev.c in the Linux kernel before 5.8 allows\n local users to gain privileges or cause a denial of\n service by leveraging improper access to a certain\n error field.(CVE-2020-15436)The Linux kernel before\n version 5.8 is vulnerable to a NULL pointer dereference\n in\n drivers/tty/serial/8250/8250_core.c:serial8250_isa_init\n _ports() that allows local users to cause a denial of\n service by using the p->serial_in pointer which\n uninitialized.(CVE-2020-15437)An issue was discovered\n in kmem_cache_alloc_bulk in mm/slub.c in the Linux\n kernel before 5.5.11. The slowpath lacks the required\n TID increment, aka CID-fd4d9c7d0c71.(CVE-2020-29370)An\n issue was discovered in the Linux kernel before 5.2.6.\n On NUMA systems, the Linux fair scheduler has a\n use-after-free in show_numa_stats() because NUMA fault\n statistics are inappropriately freed, aka\n CID-16d51a590a8c.(CVE-2019-20934)An issue was\n discovered in romfs_dev_read in fs/romfs/storage.c in\n the Linux kernel before 5.8.4. Uninitialized memory\n leaks to userspace, aka\n CID-bcf85fcedfdd.(CVE-2020-29371)An issue was\n discovered in the Linux kernel before 5.7.3, related to\n mm/gup.c and mm/huge_memory.c. The get_user_pages (aka\n gup) implementation, when used for a copy-on-write\n page, does not properly consider the semantics of read\n operations and therefore can grant unintended write\n access, aka CID-17839856fd58.(CVE-2020-29374)A flaw was\n found in the way RTAS handled memory accesses in\n userspace to kernel communication. On a locked down\n (usually due to Secure Boot) guest system running on\n top of PowerVM or KVM hypervisors (pseries platform) a\n root like local user could use this flaw to further\n increase their privileges to that of a running\n kernel.(CVE-2020-27777)In kbd_keycode of keyboard.c,\n there is a possible out of bounds write due to a\n missing bounds check. This could lead to local\n escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for\n exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-144161459(CVE-2020-0431)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1039\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?92f0c0ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-25643\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2019-18805\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-devel-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-headers-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-libs-4.19.36-vhulk1907.1.0.h906\",\n \"kernel-tools-libs-devel-4.19.36-vhulk1907.1.0.h906\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}], "oraclelinux": [{"lastseen": "2021-11-26T18:28:00", "description": "[3.10.0-1160.36.2.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.36.2]\n- seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975251]\n[3.10.0-1160.36.1]\n- cipso,calipso: resolve a number of problems with the DOI refcounts (Antoine Tenart) [1967720]\n- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Alaa Hleihel) [1962406]\n- sched/debug: Fix cgroup_path[] serialization (Waiman Long) [1912221]\n- sched/debug: Reset watchdog on all CPUs while processing sysrq-t (Waiman Long) [1912221]\n- vt: vt_ioctl: fix use-after-free in vt_in_use() (Vladis Dronov) [1872778]\n- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Vladis Dronov) [1872778]\n- vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines (Vladis Dronov) [1872778]\n- vt: selection, introduce vc_is_sel (Vladis Dronov) [1872778]\n- redhat: genspec: generate changelog entries since last release (Augusto Caringi)\n[3.10.0-1160.35.1]\n- CI: Merge configuration (Veronika Kabatova)\n- [pci/aer] Work around use-after-free in pcie_do_fatal_recovery() (Al Stone) [1933663]\n- [pci/aer] do not invoke error recovery with non-fatal errors (Al Stone) [1933663]\n[3.10.0-1160.34.1]\n- futex: remove lockdep_assert_held() in pi_state_update_owner() (Donghai Qiao) [1965495]\n- video: hyperv_fb: Add ratelimit on error message (Mohammed Gamal) [1957803]\n- Drivers: hv: vmbus: Increase wait time for VMbus unload (Mohammed Gamal) [1957803]\n- Drivers: hv: vmbus: Initialize unload_event statically (Mohammed Gamal) [1957803]\n- blk-mq: always allow reserved allocation in hctx_may_queue (Ming Lei) [1926825]\n- s390/pci: fix out of bounds access during irq setup (Philipp Rudo) [1917943]\n- s390/pci: improve irq number check for msix (Philipp Rudo) [1917943]\n[3.10.0-1160.33.1]\n- CI: Disable result checking for realtime check (Veronika Kabatova)\n- CI: Explicitly disable result checking for private CI (Veronika Kabatova)\n- CI: Rename variable (Veronika Kabatova)\n- mm: memcontrol: switch to rcu protection in drain_all_stock() (Waiman Long) [1957719]\n- sctp: Don't add the shutdown timer if its already been added (Xin Long) [1953052]\n- media: xirlink_cit: add missing descriptor sanity checks (Mark Langsdorf) [1826877] {CVE-2020-11668}\n[3.10.0-1160.32.1]\n- Bluetooth: verify AMP hci_chan before amp_destroy (Gopal Tiwari) [1962532] {CVE-2021-33034}\n- net: ipv4: route: Fix sending IGMP messages with link address (Hangbin Liu) [1958339]\n- hv_netvsc: remove ndo_poll_controller (Mohammed Gamal) [1953075]\n- Fix double free in nvme_trans_log_temperature (Gopal Tiwari) [1946793]\n- rcu: Call touch_nmi_watchdog() while printing stall warnings (Artem Savkov) [1924688]\n- sched/fair: Use RCU accessors consistently for ->numa_group (Rafael Aquini) [1915635] {CVE-2019-20934}\n- sched/fair: Don't free p->numa_faults with concurrent readers (Rafael Aquini) [1915635] {CVE-2019-20934}\n- sched/numa: Simplify task_numa_compare() (Rafael Aquini) [1915635] {CVE-2019-20934}\n- sched/numa: Fix task_numa_free() lockdep splat (Rafael Aquini) [1915635] {CVE-2019-20934}\n- sched/numa: Move task_numa_free() to __put_task_struct() (Rafael Aquini) [1915635] {CVE-2019-20934}\n- [s390] s390/dasd: fix diag 0x250 inline assembly (Philipp Rudo) [1910395]\n- vsock/vmci: log once the failed queue pair allocation (Stefano Garzarella) [1892237]\n- VMCI: Stop log spew when qp allocation isn't possible (Stefano Garzarella) [1892237]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-21T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-07-21T00:00:00", "id": "ELSA-2021-2725", "href": "http://linux.oracle.com/errata/ELSA-2021-2725.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:43", "description": "[4.1.12-124.46.3]\n- mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781859] {CVE-2019-14895} {CVE-2019-14895}\n- ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265320] {CVE-2019-19037} {CVE-2019-19037}\n- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350493] {CVE-2020-10711}\n- scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652}\n- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652}\n- USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350967] {CVE-2020-12464}\n- drivers: usb: core: Minimize irq disabling in usb_sg_cancel() (David Mosberger) [Orabug: 31350967] {CVE-2020-12464}\n- drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. (David Mosberger) [Orabug: 31350967] {CVE-2020-12464}\n- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351014] {CVE-2019-19447}\n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 31984319] \n- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (Josh Abraham) [Orabug: 31984319] \n- ext4: fix fencepost in s_first_meta_bg validation (Theodore Ts'o) [Orabug: 32197511] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32202000] \n- sched/fair: Don't free p->numa_faults with concurrent readers (Jann Horn) [Orabug: 32212524] {CVE-2019-20934}\n- netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Vasily Averin) [Orabug: 32222844] {CVE-2020-14305}\n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233360] {CVE-2020-14351}\n- ext4: fix calculation of meta_bg descriptor backups (Andy Leiserson) [Orabug: 32245133]\n[4.1.12-124.46.2]\n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 31780626] \n- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915}\n- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177993] \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187749] {CVE-2020-28974}\n- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194609] {CVE-2020-15436}\n- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227971] {CVE-2020-25705}\n[4.1.12-124.46.1]\n- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722767] \n- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722767] \n- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722767] \n- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722767] \n- xfs: catch inode allocation state mismatch corruption (Gautham Ananthakrishna) [Orabug: 32071488] \n- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122731] {CVE-2020-25668}\n- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136900] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136900]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-01-07T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 8.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14895", "CVE-2019-19037", "CVE-2019-19447", "CVE-2019-20934", "CVE-2020-10711", "CVE-2020-12464", "CVE-2020-12652", "CVE-2020-14305", "CVE-2020-14351", "CVE-2020-15436", "CVE-2020-25668", "CVE-2020-25705", "CVE-2020-28915", "CVE-2020-28974"], "modified": "2021-01-07T00:00:00", "id": "ELSA-2021-9002", "href": "http://linux.oracle.com/errata/ELSA-2021-9002.html", "cvss": {"score": 8.3, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:C"}}], "centos": [{"lastseen": "2022-02-27T11:49:13", "description": "**CentOS Errata and Security Advisory** CESA-2021:2725\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\n* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n* kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [RHEL7.9.z] n_tty_open: \"BUG: unable to handle kernel paging request\" (BZ#1872778)\n\n* [ESXi][RHEL7.8]\"qp_alloc_hypercall result = -20\" / \"Could not attach to queue pair with -20\" with vSphere Fault Tolerance enabled (BZ#1892237)\n\n* [RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP (BZ#1910395)\n\n* False-positive hard lockup detected while processing the thread state information (SysRq-T) (BZ#1912221)\n\n* RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci) (BZ#1917943)\n\n* The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console (BZ#1924688)\n\n* nvme hangs when trying to allocate reserved tag (BZ#1926825)\n\n* [REGRESSION] \"call into AER handling regardless of severity\" triggers do_recovery() unnecessarily on correctable PCIe errors (BZ#1933663)\n\n* Module nvme_core: A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793)\n\n* sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000! (BZ#1953052)\n\n* [Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed (BZ#1953075)\n\n* Kernel panic at cgroup_is_descendant (BZ#1957719)\n\n* [Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803)\n\n* IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1960193)\n\n* mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406)\n\n* incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner() (BZ#1965495)\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2021-July/060892.html\n\n**Affected packages:**\nbpftool\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2021:2725", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-22T13:52:55", "type": "centos", "title": "bpftool, kernel, perf, python security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-07-22T13:52:55", "id": "CESA-2021:2725", "href": "https://lists.centos.org/pipermail/centos-announce/2021-July/060892.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2021-11-26T18:41:38", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\n* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n* kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update to the latest RHEL7.9.z7 source tree (BZ#1967333)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-20T13:26:54", "type": "redhat", "title": "(RHSA-2021:2726) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-07-20T22:03:23", "id": "RHSA-2021:2726", "href": "https://access.redhat.com/errata/RHSA-2021:2726", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:40:41", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: size_t-to-int conversion vulnerability in the filesystem layer (CVE-2021-33909)\n\n* kernel: use-after-free in net/bluetooth/hci_event.c when destroying an hci_chan (CVE-2021-33034)\n\n* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n* kernel: mishandles invalid descriptors in drivers/media/usb/gspca/xirlink_cit.c (CVE-2020-11668)\n\n* kernel: use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c (CVE-2021-33033)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [RHEL7.9.z] n_tty_open: \"BUG: unable to handle kernel paging request\" (BZ#1872778)\n\n* [ESXi][RHEL7.8]\"qp_alloc_hypercall result = -20\" / \"Could not attach to queue pair with -20\" with vSphere Fault Tolerance enabled (BZ#1892237)\n\n* [RHEL7.9][s390x][Regression] Sino Nomine swapgen IBM z/VM emulated DASD with DIAG driver returns EOPNOTSUPP (BZ#1910395)\n\n* False-positive hard lockup detected while processing the thread state information (SysRq-T) (BZ#1912221)\n\n* RHEL7.9 zstream - s390x LPAR with NVMe SSD will panic when it has 32 or more IFL (pci) (BZ#1917943)\n\n* The NMI watchdog detected a hard lockup while printing RCU CPU stall warning messages to the serial console (BZ#1924688)\n\n* nvme hangs when trying to allocate reserved tag (BZ#1926825)\n\n* [REGRESSION] \"call into AER handling regardless of severity\" triggers do_recovery() unnecessarily on correctable PCIe errors (BZ#1933663)\n\n* Module nvme_core: A double free of the kmalloc-512 cache between nvme_trans_log_temperature() and nvme_get_log_page(). (BZ#1946793)\n\n* sctp - SCTP_CMD_TIMER_START queues active timer kernel BUG at kernel/timer.c:1000! (BZ#1953052)\n\n* [Hyper-V][RHEL-7]When CONFIG_NET_POLL_CONTROLLER is set, mainline commit 2a7f8c3b1d3fee is needed (BZ#1953075)\n\n* Kernel panic at cgroup_is_descendant (BZ#1957719)\n\n* [Hyper-V][RHEL-7]Commits To Fix Kdump Failures (BZ#1957803)\n\n* IGMPv2 JOIN packets incorrectly routed to loopback (BZ#1958339)\n\n* [CKI kernel builds]: x86 binaries in non-x86 kernel rpms breaks systemtap [7.9.z] (BZ#1960193)\n\n* mlx4: Fix memory allocation in mlx4_buddy_init needed (BZ#1962406)\n\n* incorrect assertion on pi_state->pi_mutex.wait_lock from pi_state_update_owner() (BZ#1965495)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-07-20T13:26:51", "type": "redhat", "title": "(RHSA-2021:2725) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-11668", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-33909"], "modified": "2021-07-20T22:03:22", "id": "RHSA-2021:2725", "href": "https://access.redhat.com/errata/RHSA-2021:2725", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T18:38:30", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in drivers/infiniband/core/ucma.c ctx use-after-free (CVE-2020-36385)\n\n* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)\n\n* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)\n\n* kernel: use-after-free in show_numa_stats function (CVE-2019-20934)\n\n* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)\n\n* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* A race between i40e_ndo_set_vf_mac() and i40e_vsi_clear() in the i40e driver causes a use after free condition of the kmalloc-4096 slab cache. (BZ#1980333)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-10-26T07:01:23", "type": "redhat", "title": "(RHSA-2021:3987) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-36385", "CVE-2021-22543", "CVE-2021-3653", "CVE-2021-3656", "CVE-2021-37576"], "modified": "2021-10-26T07:05:18", "id": "RHSA-2021:3987", "href": "https://access.redhat.com/errata/RHSA-2021:3987", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-10-19T20:38:51", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.3.0 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs and security issues. See\nthe following Release Notes documentation, which will be updated shortly\nfor this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.3/html/release_notes/\n\nSecurity:\n\n* fastify-reply-from: crafted URL allows prefix scape of the proxied backend service (CVE-2021-21321)\n\n* fastify-http-proxy: crafted URL allows prefix scape of the proxied\nbackend service (CVE-2021-21322)\n\n* nodejs-netmask: improper input validation of octal input data (CVE-2021-28918)\n\n* redis: Integer overflow via STRALGO LCS command (CVE-2021-29477)\n\n* redis: Integer overflow via COPY command for large intsets (CVE-2021-29478)\n\n* nodejs-glob-parent: Regular expression denial of service (CVE-2020-28469)\n\n* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions\n(CVE-2020-28500)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing\nbcp47 tag (CVE-2020-28852)\n\n* nodejs-ansi_up: XSS due to insufficient URL sanitization (CVE-2021-3377)\n\n* oras: zip-slip vulnerability via oras-pull (CVE-2021-21272)\n\n* redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)\n\n* nodejs-lodash: command injection via template (CVE-2021-23337)\n\n* nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)\n\n* browserslist: parsing of invalid queries could result in Regular Expression Denial of Service (ReDoS) (CVE-2021-23364)\n\n* nodejs-postcss: Regular expression denial of service during source map parsing (CVE-2021-23368)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with strict:true option (CVE-2021-23369)\n\n* nodejs-postcss: ReDoS via getAnnotationURL() and loadAnnotation() in lib/previous-map.js (CVE-2021-23382)\n\n* nodejs-handlebars: Remote code execution when compiling untrusted compile templates with compat:true option (CVE-2021-23383)\n\n* openssl: integer overflow in CipherUpdate (CVE-2021-23840)\n\n* openssl: NULL pointer dereference in X509_issuer_and_serial_hash()\n(CVE-2021-23841)\n\n* nodejs-ua-parser-js: ReDoS via malicious User-Agent header (CVE-2021-27292)\n\n* grafana: snapshot feature allow an unauthenticated remote attacker to trigger a DoS via a remote API call (CVE-2021-27358)\n\n* nodejs-is-svg: ReDoS via malicious string (CVE-2021-28092)\n\n* nodejs-netmask: incorrectly parses an IP address that has octal integer with invalid character (CVE-2021-29418)\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* normalize-url: ReDoS for data URLs (CVE-2021-33502)\n\n* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)\n\n* nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe (CVE-2021-23343)\n\n* html-parse-stringify: Regular Expression DoS (CVE-2021-23346)\n\n* openssl: incorrect SSLv2 rollback protection (CVE-2021-23839)\n\nFor more details about the security issues, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npages listed in the References section.\n\nBugs:\n\n* RFE Make the source code for the endpoint-metrics-operator public (BZ# 1913444)\n\n* cluster became offline after apiserver health check (BZ# 1942589)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-08-05T12:52:42", "type": "redhat", "title": "(RHSA-2021:3016) Important: Red Hat Advanced Cluster Management for Kubernetes version 2.3", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2018-1000858", "CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15903", "CVE-2019-19906", "CVE-2019-20454", "CVE-2019-20934", "CVE-2019-25013", "CVE-2019-2708", "CVE-2019-9169", "CVE-2020-11668", "CVE-2020-13434", "CVE-2020-15358", "CVE-2020-1730", "CVE-2020-27618", "CVE-2020-28196", "CVE-2020-28469", "CVE-2020-28500", "CVE-2020-28851", "CVE-2020-28852", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-8231", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8927", "CVE-2021-20271", "CVE-2021-20305", "CVE-2021-21272", "CVE-2021-21309", "CVE-2021-21321", "CVE-2021-21322", "CVE-2021-23337", "CVE-2021-23343", "CVE-2021-23346", "CVE-2021-23362", "CVE-2021-23364", "CVE-2021-23368", "CVE-2021-23369", "CVE-2021-23382", "CVE-2021-23383", "CVE-2021-23839", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-25217", "CVE-2021-27219", "CVE-2021-27292", "CVE-2021-27358", "CVE-2021-28092", "CVE-2021-28918", "CVE-2021-29418", "CVE-2021-29477", "CVE-2021-29478", "CVE-2021-29482", "CVE-2021-32399", "CVE-2021-33033", "CVE-2021-33034", "CVE-2021-3326", "CVE-2021-33502", "CVE-2021-33623", "CVE-2021-3377", "CVE-2021-33909", "CVE-2021-33910", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-3560"], "modified": "2021-08-05T12:52:59", "id": "RHSA-2021:3016", "href": "https://access.redhat.com/errata/RHSA-2021:3016", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "photon": [{"lastseen": "2022-05-12T18:46:59", "description": "Updates of ['linux-rt', 'linux-esx', 'linux', 'linux-secure', 'linux-aws', 'icu'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-10-18T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2020-0153", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-10531", "CVE-2020-12655", "CVE-2020-12771", "CVE-2020-15393", "CVE-2020-15436", "CVE-2020-16120", "CVE-2020-25643"], "modified": "2020-10-18T00:00:00", "id": "PHSA-2020-0153", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-153", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2021-11-04T08:57:40", "description": "An update of {'linux-aws', 'linux-secure', 'icu', 'linux', 'linux-esx', 'linux-rt'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-18T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2020-3.0-0153", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "COMPLETE", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 8.5, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-10531", "CVE-2020-12655", "CVE-2020-12771", "CVE-2020-14314", "CVE-2020-14385", "CVE-2020-15393", "CVE-2020-15436", "CVE-2020-16120", "CVE-2020-25212", "CVE-2020-25285", "CVE-2020-25641", "CVE-2020-25643", "CVE-2020-26088"], "modified": "2020-10-18T00:00:00", "id": "PHSA-2020-3.0-0153", "href": "https://github.com/vmware/photon/wiki/Security-Updates-3.0-153", "cvss": {"score": 7.5, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:C"}}, {"lastseen": "2022-05-12T18:25:47", "description": "Updates of ['linux-aws', 'linux-secure', 'linux-esx', 'go', 'envoy', 'linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2019-09-03T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0175", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2018-20961", "CVE-2019-1125", "CVE-2019-13272", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14809", "CVE-2019-15239", "CVE-2019-15807", "CVE-2019-15926", "CVE-2019-16413", "CVE-2019-20934", "CVE-2019-9900", "CVE-2019-9901"], "modified": "2019-09-03T00:00:00", "id": "PHSA-2019-0175", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-175", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:03:34", "description": "Updates of ['sysdig', 'linux', 'linux-esx', 'go', 'openjdk'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-09-03T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0250", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-18509", "CVE-2018-20856", "CVE-2019-1125", "CVE-2019-11487", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14809", "CVE-2019-15239", "CVE-2019-15926", "CVE-2019-20934", "CVE-2019-2745", "CVE-2019-2762", "CVE-2019-2766", "CVE-2019-2769", "CVE-2019-2786", "CVE-2019-2816", "CVE-2019-2818", "CVE-2019-2821", "CVE-2019-2842", "CVE-2019-8339"], "modified": "2019-09-03T00:00:00", "id": "PHSA-2019-0250", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-250", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}, {"lastseen": "2022-05-12T18:52:01", "description": "Updates of ['expat', 'postgresql', 'u-boot', 'grub2', 'haproxy', 'linux-esx', 'zeromq', 'linux', 'mysql', 'linux- secure', 'linux-aws', 'binutils', 'libssh2'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2019-08-21T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2019-0026", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 9.4, "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 9.2, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-8370", "CVE-2018-20843", "CVE-2019-10126", "CVE-2019-10208", "CVE-2019-10638", "CVE-2019-1125", "CVE-2019-12972", "CVE-2019-13103", "CVE-2019-13115", "CVE-2019-13272", "CVE-2019-14241", "CVE-2019-14250", "CVE-2019-14283", "CVE-2019-14284", "CVE-2019-14444", "CVE-2019-15090", "CVE-2019-15211", "CVE-2019-15213", "CVE-2019-15215", "CVE-2019-15220", "CVE-2019-15807", "CVE-2019-15925", "CVE-2019-15926", "CVE-2019-17351", "CVE-2019-20934", "CVE-2019-2737", "CVE-2019-2738", "CVE-2019-2739", "CVE-2019-2740", "CVE-2019-2741", "CVE-2019-2789", "CVE-2019-2795", "CVE-2019-2796", "CVE-2019-2797", "CVE-2019-2798", "CVE-2019-2800", "CVE-2019-2801", "CVE-2019-2802", "CVE-2019-2803", "CVE-2019-2805", "CVE-2019-2808", "CVE-2019-2810", "CVE-2019-2811", "CVE-2019-2812", "CVE-2019-2814", "CVE-2019-2815", "CVE-2019-2819", "CVE-2019-2822", "CVE-2019-2826", "CVE-2019-2830", "CVE-2019-2834", "CVE-2019-2879", "CVE-2019-3846", "CVE-2019-3900", "CVE-2019-6250"], "modified": "2019-08-21T00:00:00", "id": "PHSA-2019-0026", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-26", "cvss": {"score": 9.4, "vector": "AV:N/AC:L/Au:N/C:C/I:N/A:C"}}], "suse": [{"lastseen": "2022-04-18T12:40:44", "description": "An update that solves 17 vulnerabilities and has 62 fixes\n is now available.\n\nDescription:\n\n\n\n The openSUSE Leap 15.1 kernel was updated to receive various security and\n bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2020-29568: An issue was discovered in Xen through 4.14.x. Some OSes\n (such as Linux, FreeBSD, and NetBSD) are processing watch events using a\n single thread. If the events are received faster than the thread is able\n to handle, they will get queued. As the queue is unbounded, a guest may\n be able to trigger an OOM in the backend. All systems with a FreeBSD,\n Linux, or NetBSD (any version) dom0 are vulnerable (bnc#1179508).\n - CVE-2020-29569: The Linux kernel PV block backend expects the kernel\n thread handler to reset ring->xenblkd to NULL when stopped. However, the\n handler may not have time to run if the frontend quickly toggles between\n the states connect and disconnect. As a consequence, the block backend\n may re-use a pointer after it was freed. A misbehaving guest can trigger\n a dom0 crash by continuously connecting / disconnecting a block\n frontend. Privilege escalation and information leaks cannot be ruled\n out. This only affects systems with a Linux blkback (bnc#1179509).\n - CVE-2020-25639: Bail out of nouveau_channel_new if channel init fails\n (bsc#1176846).\n - CVE-2020-28374: In drivers/target/target_core_xcopy.c insufficient\n identifier checking in the LIO SCSI target code can be used by remote\n attackers to read or write files via directory traversal in an XCOPY\n request, aka CID-2896c93811e3. For example, an attack can occur over a\n network if the attacker has access to one iSCSI LUN. The attacker gains\n control over file access because I/O operations are proxied via an\n attacker-selected backstore (bnc#1178372 1180676).\n - CVE-2020-36158: mwifiex_cmd_802_11_ad_hoc_start in\n drivers/net/wireless/marvell/mwifiex/join.c might allow remote attackers\n to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332\n (bnc#1180559).\n - CVE-2020-27825: A use-after-free flaw was found in\n kernel/trace/ring_buffer.c. There was a race problem in trace_open and\n resize of cpu buffer running parallely on different cpus, may cause a\n denial of service problem (DOS). This flaw could even allow a local\n attacker with special user privilege to a kernel information leak threat\n (bnc#1179960).\n - CVE-2020-0466: In do_epoll_ctl and ep_loop_check_proc of eventpoll.c,\n there is a possible use after free due to a logic error. This could lead\n to local escalation of privilege with no additional execution privileges\n needed. User interaction is not needed for exploitation (bnc#1180031).\n - CVE-2020-27068: In the nl80211_policy policy of nl80211.c, there is a\n possible out of bounds read due to a missing bounds check. This could\n lead to local information disclosure with System execution privileges\n needed. User interaction is not required for exploitation (bnc#1180086).\n - CVE-2020-0465: In various methods of hid-multitouch.c, there is a\n possible out of bounds write due to a missing bounds check. This could\n lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation\n (bnc#1180029).\n - CVE-2020-0444: In audit_free_lsm_field of auditfilter.c, there is a\n possible bad kfree due to a logic error in audit_data_to_entry. This\n could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation\n (bnc#1180027).\n - CVE-2020-29660: A locking inconsistency issue was discovered in the tty\n subsystem of the Linux kernel drivers/tty/tty_io.c and\n drivers/tty/tty_jobctrl.c may have allowed a read-after-free attack\n against TIOCGSID, aka CID-c8bcd9c5be24 (bnc#1179745).\n - CVE-2020-29661: A locking issue was discovered in the tty subsystem of\n the Linux kernel drivers/tty/tty_jobctrl.c allowed a use-after-free\n attack against TIOCSPGRP, aka CID-54ffccbf053b (bnc#1179745).\n - CVE-2020-27777: A flaw was found in the way RTAS handled memory accesses\n in userspace to kernel communication. On a locked down (usually due to\n Secure Boot) guest system running on top of PowerVM or KVM hypervisors\n (pseries platform) a root like local user could use this flaw to further\n increase their privileges to that of a running kernel (bnc#1179107).\n - CVE-2020-11668: In the Linux kernel before 5.6.1,\n drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB\n driver) mishandled invalid descriptors, aka CID-a246b4d54770\n (bnc#1168952).\n - CVE-2019-20934: An issue was discovered in the Linux kernel On NUMA\n systems, the Linux fair scheduler has a use-after-free in\n show_numa_stats() because NUMA fault statistics are inappropriately\n freed, aka CID-16d51a590a8c (bnc#1179663).\n - CVE-2020-27786: A flaw was found in the Linux kernels implementation of\n MIDI, where an attacker with a local account and the permissions to\n issue an ioctl commands to midi devices, could trigger a use-after-free.\n A write to this specific memory while freed and before use could cause\n the flow of execution to change and possibly allow for memory corruption\n or privilege escalation (bnc#1179601).\n - CVE-2020-4788: IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could\n allow a local user to obtain sensitive information from the data in the\n L1 cache under extenuating circumstances. IBM X-Force ID: 189296\n (bnc#1177666).\n\n The following non-security bugs were fixed:\n\n - ACPI: PNP: compare the string length in the matching_id() (git-fixes).\n - ACPICA: Disassembler: create buffer fields in ACPI_PARSE_LOAD_PASS1\n (git-fixes).\n - ACPICA: Do not increment operation_region reference counts for field\n units (git-fixes).\n - ALSA: ca0106: fix error code handling (git-fixes).\n - ALSA: ctl: allow TLV read operation for callback type of element in\n locked case (git-fixes).\n - ALSA: hda - Fix silent audio output and corrupted input on MSI X570-A\n PRO (git-fixes).\n - ALSA: hda/ca0132 - Change Input Source enum strings (git-fixes).\n - ALSA: hda/ca0132 - Fix AE-5 rear headphone pincfg (git-fixes).\n - ALSA: hda/generic: Add option to enforce preferred_dacs pairs\n (git-fixes).\n - ALSA: hda/hdmi: always check pin power status in i915 pin fixup\n (git-fixes).\n - ALSA: hda/realtek - Add new codec supported for ALC897 (git-fixes).\n - ALSA: hda/realtek - Couldn't detect Mic if booting with headset plugged\n (git-fixes).\n - ALSA: hda/realtek - Enable headset mic of ASUS Q524UQK with ALC255\n (git-fixes).\n - ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model\n (git-fixes).\n - ALSA: hda/realtek: Add some Clove SSID in the ALC293(ALC1220)\n (git-fixes).\n - ALSA: hda/realtek: Enable front panel headset LED on Lenovo ThinkStation\n P520 (git-fixes).\n - ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294\n (git-fixes).\n - ALSA: hda/via: Fix runtime PM for Clevo W35xSS (git-fixes).\n - ALSA: hda: Add NVIDIA codec IDs 9a & 9d through a0 to patch table\n (git-fixes).\n - ALSA: hda: Fix potential race in unsol event handler (git-fixes).\n - ALSA: hda: Fix regressions on clear and reconfig sysfs (git-fixes).\n - ALSA: info: Drop WARN_ON() from buffer NULL sanity check (git-fixes).\n - ALSA: isa/wavefront: prevent out of bounds write in ioctl (git-fixes).\n - ALSA: line6: Perform sanity check for each URB creation (git-fixes).\n - ALSA: pcm: Clear the full allocated memory at hw_params (git-fixes).\n - ALSA: pcm: oss: Fix a few more UBSAN fixes (git-fixes).\n - ALSA: pcm: oss: Fix potential out-of-bounds shift (git-fixes).\n - ALSA: pcm: oss: Remove superfluous WARN_ON() for mulaw sanity check\n (git-fixes).\n - ALSA: timer: Limit max amount of slave instances (git-fixes).\n - ALSA: usb-audio: Add delay quirk for H570e USB headsets (git-fixes).\n - ALSA: usb-audio: Add delay quirk for all Logitech USB devices\n (git-fixes).\n - ALSA: usb-audio: Add implicit feedback quirk for MODX (git-fixes).\n - ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (git-fixes).\n - ALSA: usb-audio: Add implicit feedback quirk for Zoom UAC-2 (git-fixes).\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Alpha\n S (git-fixes).\n - ALSA: usb-audio: Add registration quirk for Kingston HyperX Cloud Flight\n S (git-fixes).\n - ALSA: usb-audio: Disable sample read check if firmware does not give\n back (git-fixes).\n - ALSA: usb-audio: Fix OOB access of mixer element list (git-fixes).\n - ALSA: usb-audio: Fix control 'access overflow' errors from chmap\n (git-fixes).\n - ALSA: usb-audio: Fix potential out-of-bounds shift (git-fixes).\n - ALSA: usb-audio: Fix race against the error recovery URB submission\n (git-fixes).\n - ALSA: usb-audio: US16x08: fix value count for level meters (git-fixes).\n - ALSA: usb-audio: add quirk for Denon DCD-1500RE (git-fixes).\n - ALSA: usb-audio: add quirk for Samsung USBC Headset (AKG) (git-fixes).\n - ALSA: usb-audio: add usb vendor id as DSD-capable for Khadas devices\n (git-fixes).\n - ASoC: arizona: Fix a wrong free in wm8997_probe (git-fixes).\n - ASoC: cx2072x: Fix doubly definitions of Playback and Capture streams\n (git-fixes).\n - ASoC: fsl_asrc_dma: Fix dma_chan leak when config DMA channel failed\n (git-fixes).\n - ASoC: jz4740-i2s: add missed checks for clk_get() (git-fixes).\n - ASoC: pcm3168a: The codec does not support S32_LE (git-fixes).\n - ASoC: pcm: DRAIN support reactivation (git-fixes).\n - ASoC: rt5677: Mark reg RT5677_PWR_ANLG2 as volatile (git-fixes).\n - ASoC: sti: fix possible sleep-in-atomic (git-fixes).\n - ASoC: wm8904: fix regcache handling (git-fixes).\n - ASoC: wm8998: Fix PM disable depth imbalance on error (git-fixes).\n - ASoC: wm_adsp: Do not generate kcontrols without READ flags (git-fixes).\n - ASoC: wm_adsp: remove \"ctl\" from list on error in\n wm_adsp_create_control() (git-fixes).\n - Avoid a GCC warning about \"/*\" within a comment.\n - Bluetooth: Fix advertising duplicated flags (git-fixes).\n - Bluetooth: Fix null pointer dereference in hci_event_packet()\n (git-fixes).\n - Bluetooth: Fix slab-out-of-bounds read in hci_le_direct_adv_report_evt()\n (git-fixes).\n - Bluetooth: add a mutex lock to avoid UAF in do_enale_set (git-fixes).\n - Bluetooth: btusb: Fix detection of some fake CSR controllers with a\n bcdDevice val of 0x0134 (git-fixes).\n - Drop a backported uvcvideo patch that caused a regression (bsc#1180117)\n Also blacklisting the commit\n - EDAC/amd64: Fix PCI component registration (bsc#1112178).\n - HID: Add another Primax PIXART OEM mouse quirk (git-fixes).\n - HID: Fix slab-out-of-bounds read in hid_field_extract (bsc#1180052).\n - HID: Improve Windows Precision Touchpad detection (git-fixes).\n - HID: apple: Disable Fn-key key-re-mapping on clone keyboards (git-fixes).\n - HID: core: Correctly handle ReportSize being zero (git-fixes).\n - HID: core: check whether Usage Page item is after Usage ID items\n (git-fixes).\n - HID: cypress: Support Varmilo Keyboards' media hotkeys (git-fixes).\n - HID: hid-sensor-hub: Fix issue with devices with no report ID\n (git-fixes).\n - HID: intel-ish-hid: fix wrong error handling in ishtp_cl_alloc_tx_ring()\n (git-fixes).\n - HID: logitech-hidpp: Silence intermittent get_battery_capacity errors\n (git-fixes).\n - HSI: omap_ssi: Do not jump to free ID in ssi_add_controller()\n (git-fixes).\n - Input: ads7846 - fix integer overflow on Rt calculation (git-fixes).\n - Input: ads7846 - fix race that causes missing releases (git-fixes).\n - Input: ads7846 - fix unaligned access on 7845 (git-fixes).\n - Input: atmel_mxt_ts - disable IRQ across suspend (git-fixes).\n - Input: cm109 - do not stomp on control URB (git-fixes).\n - Input: cros_ec_keyb - send 'scancodes' in addition to key events\n (git-fixes).\n - Input: cyapa_gen6 - fix out-of-bounds stack access (git-fixes).\n - Input: goodix - add upside-down quirk for Teclast X98 Pro tablet\n (git-fixes).\n - Input: i8042 - add Acer laptops to the i8042 reset list (git-fixes).\n - Input: i8042 - add ByteSpeed touchpad to noloop table (git-fixes).\n - Input: i8042 - add Entroware Proteus EL07R4 to nomux and reset lists\n (git-fixes).\n - Input: i8042 - allow insmod to succeed on devices without an i8042\n controller (git-fixes).\n - Input: i8042 - fix error return code in i8042_setup_aux() (git-fixes).\n - Input: omap4-keypad - fix runtime PM error handling (git-fixes).\n - Input: synaptics - enable InterTouch for ThinkPad X1E 1st gen\n (git-fixes).\n - Input: trackpoint - add new trackpoint variant IDs (git-fixes).\n - Input: trackpoint - enable Synaptics trackpoints (git-fixes).\n - Input: xpad - support Ardwiino Controllers (git-fixes).\n - KVM: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits\n (bsc#1112178).\n - NFC: st95hf: Fix memleak in st95hf_in_send_cmd (git-fixes).\n - NFS: fix nfs_path in case of a rename retry (git-fixes).\n - NFSD: Add missing NFSv2 .pc_func methods (git-fixes).\n - NFSv4.2: fix client's attribute cache management for copy_file_range\n (git-fixes).\n - NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag\n (git-fixes).\n - PCI/ASPM: Allow ASPM on links to PCIe-to-PCI/PCI-X Bridges (git-fixes).\n - PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge\n (git-fixes).\n - PCI: Do not disable decoding when mmio_always_on is set (git-fixes).\n - PCI: Fix pci_slot_release() NULL pointer dereference (git-fixes).\n - PM / hibernate: memory_bm_find_bit(): Tighten node optimisation\n (git-fixes).\n - PM: ACPI: Output correct message on target power state (git-fixes).\n - PM: hibernate: Freeze kernel threads in software_resume() (git-fixes).\n - PM: hibernate: remove the bogus call to get_gendisk() in\n software_resume() (git-fixes).\n - Revert \"ACPI / resources: Use AE_CTRL_TERMINATE to terminate resources\n walks\" (git-fixes).\n - Revert \"ALSA: hda - Fix silent audio output and corrupted input on MSI\n X570-A PRO\" (git-fixes).\n - Revert \"PM / devfreq: Modify the device name as devfreq(X) for sysfs\"\n (git-fixes).\n - Revert \"device property: Keep secondary firmware node secondary by type\"\n (git-fixes).\n - Revert \"platform/x86: wmi: Destroy on cleanup rather than unregister\"\n (git-fixes).\n - Revert \"powerpc/pseries/hotplug-cpu: Remove double free in error path\"\n (bsc#1065729).\n - Revert \"serial: amba-pl011: Make sure we initialize the port.lock\n spinlock\" (git-fixes).\n - SMB3: Honor 'handletimeout' flag for multiuser mounts (bsc#1176558).\n - SMB3: Honor 'posix' flag for multiuser mounts (bsc#1176559).\n - SMB3: Honor lease disabling for multiuser mounts (git-fixes).\n - SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment()\n (git-fixes).\n - SUNRPC: The RDMA back channel mustn't disappear while requests are\n outstanding (git-fixes).\n - USB: Fix: Do not skip endpoint descriptors with maxpacket=0 (git-fixes).\n - USB: Skip endpoints with 0 maxpacket length (git-fixes).\n - USB: UAS: introduce a quirk to set no_write_same (git-fixes).\n - USB: add RESET_RESUME quirk for Snapscan 1212 (git-fixes).\n - USB: dummy-hcd: Fix uninitialized array use in init() (git-fixes).\n - USB: gadget: f_acm: add support for SuperSpeed Plus (git-fixes).\n - USB: gadget: f_midi: setup SuperSpeed Plus descriptors (git-fixes).\n - USB: gadget: f_rndis: fix bitrate for SuperSpeed and above (git-fixes).\n - USB: gadget: legacy: fix return error code in acm_ms_bind() (git-fixes).\n - USB: ldusb: use unsigned size format specifiers (git-fixes).\n - USB: serial: ch341: add new Product ID for CH341A (git-fixes).\n - USB: serial: ch341: sort device-id entries (git-fixes).\n - USB: serial: digi_acceleport: clean up modem-control handling\n (git-fixes).\n - USB: serial: digi_acceleport: clean up set_termios (git-fixes).\n - USB: serial: digi_acceleport: fix write-wakeup deadlocks (git-fixes).\n - USB: serial: digi_acceleport: remove in_interrupt() usage.\n - USB: serial: digi_acceleport: remove redundant assignment to pointer\n priv (git-fixes).\n - USB: serial: digi_acceleport: rename tty flag variable (git-fixes).\n - USB: serial: digi_acceleport: use irqsave() in USB's complete callback\n (git-fixes).\n - USB: serial: iuu_phoenix: fix DMA from stack (git-fixes).\n - USB: serial: keyspan_pda: fix dropped unthrottle interrupts (git-fixes).\n - USB: serial: keyspan_pda: fix stalled writes (git-fixes).\n - USB: serial: keyspan_pda: fix tx-unthrottle use-after-free (git-fixes).\n - USB: serial: keyspan_pda: fix write deadlock (git-fixes).\n - USB: serial: keyspan_pda: fix write unthrottling (git-fixes).\n - USB: serial: keyspan_pda: fix write-wakeup use-after-free (git-fixes).\n - USB: serial: kl5kusb105: fix memleak on open (git-fixes).\n - USB: serial: mos7720: fix parallel-port state restore (git-fixes).\n - USB: serial: option: add Fibocom NL668 variants (git-fixes).\n - USB: serial: option: add interface-number sanity check to flag handling\n (git-fixes).\n - USB: serial: option: add support for Thales Cinterion EXS82 (git-fixes).\n - USB: serial: option: fix Quectel BG96 matching (git-fixes).\n - USB: xhci: fix U1/U2 handling for hardware with XHCI_INTEL_HOST quirk\n set (git-fixes).\n - USB: yurex: fix control-URB timeout handling (git-fixes).\n - ata/libata: Fix usage of page address by page_address in\n ata_scsi_mode_select_xlat function (git-fixes).\n - ath10k: Fix an error handling path (git-fixes).\n - ath10k: Release some resources in an error handling path (git-fixes).\n - ath10k: Remove msdu from idr when management pkt send fails (git-fixes).\n - ath10k: fix backtrace on coredump (git-fixes).\n - ath10k: fix get invalid tx rate for Mesh metric (git-fixes).\n - ath10k: fix offchannel tx failure when no ath10k_mac_tx_frm_has_freq\n (git-fixes).\n - ath6kl: fix enum-conversion warning (git-fixes).\n - ath9k_htc: Discard undersized packets (git-fixes).\n - ath9k_htc: Modify byte order for an error message (git-fixes).\n - ath9k_htc: Silence undersized packet warnings (git-fixes).\n - ath9k_htc: Use appropriate rs_datalen type (git-fixes).\n - backlight: lp855x: Ensure regulators are disabled on probe failure\n (git-fixes).\n - btmrvl: Fix firmware filename for sd8997 chipset (bsc#1172694).\n - btrfs: fix use-after-free on readahead extent after failure to create it\n (bsc#1179963).\n - btrfs: qgroup: do not commit transaction when we already hold the handle\n (bsc#1178634).\n - btrfs: qgroup: do not try to wait flushing if we're already holding a\n transaction (bsc#1179575).\n - btrfs: remove a BUG_ON() from merge_reloc_roots() (bsc#1174784).\n - bus: fsl-mc: fix error return code in fsl_mc_object_allocate()\n (git-fixes).\n - can: mcp251x: add error check when wq alloc failed (git-fixes).\n - can: softing: softing_netdev_open(): fix error handling (git-fixes).\n - cfg80211: initialize rekey_data (git-fixes).\n - cfg80211: regulatory: Fix inconsistent format argument (git-fixes).\n - cifs: add NULL check for ses->tcon_ipc (bsc#1178270).\n - cifs: allow syscalls to be restarted in __smb_send_rqst() (bsc#1176956).\n - cifs: fix check of tcon dfs in smb1 (bsc#1178270).\n - cifs: fix potential use-after-free in cifs_echo_request() (bsc#1139944).\n - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code\n (git-fixes).\n - clk: at91: usb: continue if clk_hw_round_rate() return zero (git-fixes).\n - clk: mvebu: a3700: fix the XTAL MODE pin to MPP1_9 (git-fixes).\n - clk: qcom: Allow constant ratio freq tables for rcg (git-fixes).\n - clk: qcom: msm8916: Fix the address location of pll->config_reg\n (git-fixes).\n - clk: s2mps11: Fix a resource leak in error handling paths in the probe\n function (git-fixes).\n - clk: samsung: exynos5433: Add IGNORE_UNUSED flag to sclk_i2s1\n (git-fixes).\n - clk: sunxi-ng: Make sure divider tables have sentinel (git-fixes).\n - clk: tegra: Fix Tegra PMC clock out parents (git-fixes).\n - clk: tegra: Fix duplicated SE clock entry (git-fixes).\n - clk: ti: Fix memleak in ti_fapll_synth_setup (git-fixes).\n - clk: ti: composite: fix memory leak (git-fixes).\n - clk: ti: dra7-atl-clock: Remove ti_clk_add_alias call (git-fixes).\n - clocksource/drivers/asm9260: Add a check for of_clk_get (git-fixes).\n - coredump: fix core_pattern parse error (git-fixes).\n - cpufreq: highbank: Add missing MODULE_DEVICE_TABLE (git-fixes).\n - cpufreq: loongson1: Add missing MODULE_ALIAS (git-fixes).\n - cpufreq: scpi: Add missing MODULE_ALIAS (git-fixes).\n - cpufreq: st: Add missing MODULE_DEVICE_TABLE (git-fixes).\n - crypto: af_alg - avoid undefined behavior accessing salg_name\n (git-fixes).\n - crypto: omap-aes - Fix PM disable depth imbalance in omap_aes_probe\n (git-fixes).\n - crypto: qat - fix status check in qat_hal_put_rel_rd_xfer() (git-fixes).\n - crypto: talitos - Fix return type of current_desc_hdr() (git-fixes).\n - cw1200: fix missing destroy_workqueue() on error in cw1200_init_common\n (git-fixes).\n - dmaengine: xilinx_dma: check dma_async_device_register return value\n (git-fixes).\n - dmaengine: xilinx_dma: fix mixed_enum_type coverity warning (git-fixes).\n - docs: Fix reST markup when linking to sections (git-fixes).\n - drivers: base: Fix NULL pointer exception in __platform_driver_probe()\n if a driver developer is foolish (git-fixes).\n - drivers: soc: ti: knav_qmss_queue: Fix error return code in\n knav_queue_probe (git-fixes).\n - drm/amd/display: remove useless if/else (git-fixes).\n - drm/amdgpu: fix build_coefficients() argument (git-fixes).\n - drm/dp_aux_dev: check aux_dev before use in\n drm_dp_aux_dev_get_by_minor() (git-fixes).\n - drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[]\n (bsc#1129770)\n - drm/gma500: fix double free of gma_connector (git-fixes).\n - drm/meson: dw-hdmi: Register a callback to disable the regulator\n (git-fixes).\n - drm/msm/dpu: Add newline to printks (git-fixes).\n - drm/msm/dsi_phy_10nm: implement PHY disabling (git-fixes).\n - drm/omap: dmm_tiler: fix return error code in omap_dmm_probe()\n (git-fixes).\n - drm/rockchip: Avoid uninitialized use of endpoint id in LVDS (git-fixes).\n - epoll: Keep a reference on files added to the check list (bsc#1180031).\n - ethernet: ucc_geth: fix use-after-free in ucc_geth_remove() (git-fixes).\n - ext4: correctly report \"not supported\" for {usr,grp}jquota when\n !CONFIG_QUOTA (bsc#1179672).\n - ext4: fix bogus warning in ext4_update_dx_flag() (bsc#1179716).\n - ext4: fix error handling code in add_new_gdb (bsc#1179722).\n - ext4: fix invalid inode checksum (bsc#1179723).\n - ext4: fix leaking sysfs kobject after failed mount (bsc#1179670).\n - ext4: limit entries returned when counting fsmap records (bsc#1179671).\n - ext4: unlock xattr_sem properly in ext4_inline_data_truncate()\n (bsc#1179673).\n - extcon: max77693: Fix modalias string (git-fixes).\n - fbcon: Fix user font detection test at fbcon_resize(). (bsc#1112178)\n - fbcon: Remove the superfluous break (bsc#1129770)\n - firmware: qcom: scm: Ensure 'a0' status code is treated as signed\n (git-fixes).\n - fix regression in \"epoll: Keep a reference on files added to the check\n list\" (bsc#1180031, git-fixes).\n - forcedeth: use per cpu to collect xmit/recv statistics (git-fixes).\n - fs: Do not invalidate page buffers in block_write_full_page()\n (bsc#1179711).\n - geneve: change from tx_error to tx_dropped on missing metadata\n (git-fixes).\n - genirq/irqdomain: Add an irq_create_mapping_affinity() function\n (bsc#1065729).\n - gpio: arizona: handle pm_runtime_get_sync failure case (git-fixes).\n - gpio: gpio-grgpio: fix possible sleep-in-atomic-context bugs in\n grgpio_irq_map/unmap() (git-fixes).\n - gpio: max77620: Add missing dependency on GPIOLIB_IRQCHIP (git-fixes).\n - gpio: max77620: Fixup debounce delays (git-fixes).\n - gpio: max77620: Use correct unit for debounce times (git-fixes).\n - gpio: mpc8xxx: Add platform device to gpiochip->parent (git-fixes).\n - gpio: mvebu: fix potential user-after-free on probe (git-fixes).\n - gpiolib: acpi: Add honor_wakeup module-option + quirk mechanism\n (git-fixes).\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 BYT + AXP288\n model (git-fixes).\n - gpiolib: acpi: Add quirk to ignore EC wakeups on HP x2 10 CHT + AXP288\n model (git-fixes).\n - gpiolib: acpi: Correct comment for HP x2 10 honor_wakeup quirk\n (git-fixes).\n - gpiolib: acpi: Rework honor_wakeup option into an ignore_wake option\n (git-fixes).\n - gpiolib: acpi: Turn dmi_system_id table into a generic quirk table\n (git-fixes).\n - gpiolib: fix up emulated open drain outputs (git-fixes).\n - hwmon: (aspeed-pwm-tacho) Avoid possible buffer overflow (git-fixes).\n - hwmon: (jc42) Fix name to have no illegal characters (git-fixes).\n - i2c: algo: pca: Reapply i2c bus settings after reset (git-fixes).\n - i2c: i801: Fix resume bug (git-fixes).\n - i2c: piix4: Detect secondary SMBus controller on AMD AM4 chipsets\n (git-fixes).\n - i2c: pxa: clear all master action bits in i2c_pxa_stop_message()\n (git-fixes).\n - i2c: pxa: fix i2c_pxa_scream_blue_murder() debug output (git-fixes).\n - i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc()\n (git-fixes).\n - ibmvnic: add some debugs (bsc#1179896 ltc#190255).\n - ibmvnic: avoid memset null scrq msgs (bsc#1044767 ltc#155231 git-fixes).\n - ibmvnic: continue fatal error reset after passive init (bsc#1171078\n ltc#184239 git-fixes).\n - ibmvnic: delay next reset if hard reset fails (bsc#1094840 ltc#167098\n git-fixes).\n - ibmvnic: enhance resetting status check during module exit (bsc#1065729).\n - ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues\n (bsc#1040855 ltc#155067 git-fixes).\n - ibmvnic: fix call_netdevice_notifiers in do_reset (bsc#1115431\n ltc#171853 git-fixes).\n - ibmvnic: fix: NULL pointer dereference (bsc#1044767 ltc#155231\n git-fixes).\n - ibmvnic: notify peers when failover and migration happen (bsc#1044120\n ltc#155423 git-fixes).\n - ibmvnic: restore adapter state on failed reset (bsc#1152457 ltc#174432\n git-fixes).\n - iio: adc: max1027: Reset the device at probe time (git-fixes).\n - iio: adc: rockchip_saradc: fix missing clk_disable_unprepare() on error\n in rockchip_saradc_resume (git-fixes).\n - iio: bmp280: fix compensation of humidity (git-fixes).\n - iio: buffer: Fix demux update (git-fixes).\n - iio: dac: ad5592r: fix unbalanced mutex unlocks in ad5592r_read_raw()\n (git-fixes).\n - iio: fix center temperature of bmc150-accel-core (git-fixes).\n - iio: humidity: hdc100x: fix IIO_HUMIDITYRELATIVE channel reporting\n (git-fixes).\n - iio: light: bh1750: Resolve compiler warning and make code more readable\n (git-fixes).\n - iio: srf04: fix wrong limitation in distance measuring (git-fixes).\n - iio:imu:bmi160: Fix too large a buffer (git-fixes).\n - iio:pressure:mpl3115: Force alignment of buffer (git-fixes).\n - inet_ecn: Fix endianness of checksum update when setting ECT(1)\n (git-fixes).\n - ipw2x00: Fix -Wcast-function-type (git-fixes).\n - irqchip/alpine-msi: Fix freeing of interrupts on allocation error path\n (git-fixes).\n - iwlwifi: mvm: fix kernel panic in case of assert during CSA (git-fixes).\n - iwlwifi: mvm: fix unaligned read of rx_pkt_status (git-fixes).\n - iwlwifi: pcie: limit memory read spin time (git-fixes).\n - kABI fix for g2d (git-fixes).\n - kABI workaround for HD-audio generic parser (git-fixes).\n - kABI workaround for dsa/b53 changes (git-fixes).\n - kABI workaround for net/ipvlan changes (git-fixes).\n - kABI: ath10k: move a new structure member to the end (git-fixes).\n - kABI: genirq: add back irq_create_mapping (bsc#1065729).\n - kernel-source.spec: Fix build with rpm 4.16 (boo#1179015).\n - kernel-{binary,source}.spec.in: do not create loop symlinks (bsc#1179082)\n - kgdb: Fix spurious true from in_dbg_master() (git-fixes).\n - mac80211: Check port authorization in the ieee80211_tx_dequeue() case\n (git-fixes).\n - mac80211: allow rx of mesh eapol frames with default rx key (git-fixes).\n - mac80211: do not set set TDLS STA bandwidth wider than possible\n (git-fixes).\n - mac80211: fix authentication with iwlwifi/mvm (git-fixes).\n - mac80211: fix use of skb payload instead of header (git-fixes).\n - mac80211: mesh: fix mesh_pathtbl_init() error path (git-fixes).\n - matroxfb: avoid -Warray-bounds warning (git-fixes).\n - md-cluster: fix rmmod issue when md_cluster convert bitmap to none\n (bsc#1163727).\n - md-cluster: fix safemode_delay value when converting to clustered bitmap\n (bsc#1163727).\n - md-cluster: fix wild pointer of unlock_all_bitmaps() (bsc#1163727).\n - md/bitmap: fix memory leak of temporary bitmap (bsc#1163727).\n - md/bitmap: md_bitmap_get_counter returns wrong blocks (bsc#1163727).\n - md/bitmap: md_bitmap_read_sb uses wrong bitmap blocks (bsc#1163727).\n - md/cluster: block reshape with remote resync job (bsc#1163727).\n - md/cluster: fix deadlock when node is doing resync job (bsc#1163727).\n - md/raid5: fix oops during stripe resizing (git-fixes).\n - media: am437x-vpfe: Setting STD to current value is not an error\n (git-fixes).\n - media: cec-funcs.h: add status_req checks (git-fixes).\n - media: cx88: Fix some error handling path in 'cx8800_initdev()'\n (git-fixes).\n - media: gp8psk: initialize stats at power control logic (git-fixes).\n - media: gspca: Fix memory leak in probe (git-fixes).\n - media: i2c: mt9v032: fix enum mbus codes and frame sizes (git-fixes).\n - media: i2c: ov2659: Fix missing 720p register config (git-fixes).\n - media: i2c: ov2659: fix s_stream return value (git-fixes).\n - media: msi2500: assign SPI bus number dynamically (git-fixes).\n - media: mtk-mdp: Fix a refcounting bug on error in init (git-fixes).\n - media: mtk-vcodec: add missing put_device() call in\n mtk_vcodec_release_dec_pm() (git-fixes).\n - media: platform: add missing put_device() call in mtk_jpeg_probe() and\n mtk_jpeg_remove() (git-patches).\n - media: pvrusb2: Fix oops on tear-down when radio support is not present\n (git-fixes).\n - media: s5p-g2d: Fix a memory leak in an error handling path in\n 'g2d_probe()' (git-fixes).\n - media: saa7146: fix array overflow in vidioc_s_audio() (git-fixes).\n - media: si470x-i2c: add missed operations in remove (git-fixes).\n - media: siano: fix memory leak of debugfs members in smsdvb_hotplug\n (git-fixes).\n - media: solo6x10: fix missing snd_card_free in error handling case\n (git-fixes).\n - media: sti: bdisp: fix a possible sleep-in-atomic-context bug in\n bdisp_device_run() (git-fixes).\n - media: sunxi-cir: ensure IR is handled when it is continuous (git-fixes).\n - media: ti-vpe: vpe: Make sure YUYV is set as default format (git-fixes).\n - media: ti-vpe: vpe: ensure buffers are cleaned up properly in abort\n cases (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about frame sequence\n number (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance failure about invalid\n sizeimage (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance failure causing a kernel panic\n (git-fixes).\n - media: ti-vpe: vpe: fix a v4l2-compliance warning about invalid pixel\n format (git-fixes).\n - media: uvcvideo: Set media controller entity functions (git-fixes).\n - media: uvcvideo: Silence shift-out-of-bounds warning (git-fixes).\n - media: v4l2-async: Fix trivial documentation typo (git-fixes).\n - media: v4l2-core: fix touch support in v4l_g_fmt (git-fixes).\n - media: v4l2-device.h: Explicitly compare grp{id,mask} to zero in\n v4l2_device macros (git-fixes).\n - mei: bus: do not clean driver pointer (git-fixes).\n - mei: protect mei_cl_mtu from null dereference (git-fixes).\n - memstick: fix a double-free bug in memstick_check (git-fixes).\n - memstick: r592: Fix error return in r592_probe() (git-fixes).\n - mfd: rt5033: Fix errorneous defines (git-fixes).\n - mfd: wm8994: Fix driver operation if loaded as modules (git-fixes).\n - misc: vmw_vmci: fix kernel info-leak by initializing dbells in\n vmci_ctx_get_chkpt_doorbells() (git-fixes).\n - mm,memory_failure: always pin the page in madvise_inject_error\n (bsc#1180258).\n - mm/userfaultfd: do not access vma->vm_mm after calling\n handle_userfault() (bsc#1179204).\n - mm: do not wake kswapd prematurely when watermark boosting is disabled\n (git fixes (mm/vmscan)).\n - mwifiex: fix mwifiex_shutdown_sw() causing sw reset failure (git-fixes).\n - net/smc: fix valid DMBE buffer sizes (git-fixes).\n - net/x25: prevent a couple of overflows (bsc#1178590).\n - net: aquantia: Fix aq_vec_isr_legacy() return value (git-fixes).\n - net: aquantia: fix LRO with FCS error (git-fixes).\n - net: bcmgenet: reapply manual settings to the PHY (git-fixes).\n - net: broadcom/bcmsysport: Fix signedness in bcm_sysport_probe()\n (git-fixes).\n - net: dsa: b53: Always use dev->vlan_enabled in b53_configure_vlan()\n (git-fixes).\n - net: dsa: b53: Ensure the default VID is untagged (git-fixes).\n - net: dsa: b53: Fix default VLAN ID (git-fixes).\n - net: dsa: b53: Properly account for VLAN filtering (git-fixes).\n - net: dsa: bcm_sf2: Do not assume DSA master supports WoL (git-fixes).\n - net: dsa: bcm_sf2: potential array overflow in bcm_sf2_sw_suspend()\n (git-fixes).\n - net: dsa: qca8k: remove leftover phy accessors (git-fixes).\n - net: ethernet: stmmac: Fix signedness bug in ipq806x_gmac_of_parse()\n (git-fixes).\n - net: ethernet: ti: cpsw: clear all entries when delete vid (git-fixes).\n - net: ethernet: ti: cpsw: fix runtime_pm while add/kill vlan (git-fixes).\n - net: hisilicon: Fix signedness bug in hix5hd2_dev_probe() (git-fixes).\n - net: macb: add missing barriers when reading descriptors (git-fixes).\n - net: macb: fix dropped RX frames due to a race (git-fixes).\n - net: macb: fix error format in dev_err() (git-fixes).\n - net: macb: fix random memory corruption on RX with 64-bit DMA\n (git-fixes). - blacklist.conf:\n - net: pasemi: fix an use-after-free in pasemi_mac_phy_init() (git-fixes).\n - net: phy: Avoid multiple suspends (git-fixes).\n - net: phy: micrel: Discern KSZ8051 and KSZ8795 PHYs (git-fixes).\n - net: phy: micrel: make sure the factory test bit is cleared (git-fixes).\n - net: qca_spi: Move reset_count to struct qcaspi (git-fixes).\n - net: seeq: Fix the function used to release some memory in an error\n handling path (git-fixes).\n - net: sh_eth: fix a missing check of of_get_phy_mode (git-fixes).\n - net: sonic: replace dev_kfree_skb in sonic_send_packet (git-fixes).\n - net: sonic: return NETDEV_TX_OK if failed to map buffer (git-fixes).\n - net: stmmac: Fix reception of Broadcom switches tags (git-fixes).\n - net: stmmac: dwmac-meson8b: Fix signedness bug in probe (git-fixes).\n - net: stmmac: fix csr_clk can't be zero issue (git-fixes).\n - net: stmmac: fix length of PTP clock's name string (git-fixes).\n - net: stmmac: gmac4+: Not all Unicast addresses may be available\n (git-fixes).\n - net: usb: sr9800: fix uninitialized local variable (git-fixes).\n - net:ethernet:aquantia: Extra spinlocks removed (git-fixes).\n - nfc: s3fwrn5: Release the nfc firmware (git-fixes).\n - nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame\n (git-fixes).\n - ocfs2: fix unbalanced locking (bsc#1180506).\n - ocfs2: initialize ip_next_orphan (bsc#1179724).\n - orinoco: Move context allocation after processing the skb (git-fixes).\n - pNFS/flexfiles: Fix list corruption if the mirror count changes\n (git-fixes).\n - parport: load lowlevel driver if ports not found (git-fixes).\n - phy: Revert toggling reset changes (git-fixes).\n - pinctrl: amd: fix __iomem annotation in amd_gpio_irq_handler()\n (git-fixes).\n - pinctrl: amd: fix npins for uart0 in kerncz_groups (git-fixes).\n - pinctrl: amd: remove debounce filter setting in IRQ type setting\n (git-fixes).\n - pinctrl: baytrail: Avoid clearing debounce value when turning it off\n (git-fixes).\n - pinctrl: falcon: add missing put_device() call in pinctrl_falcon_probe()\n (git-fixes).\n - pinctrl: merrifield: Set default bias in case no particular value given\n (git-fixes).\n - pinctrl: sh-pfc: sh7734: Fix duplicate TCLK1_B (git-fixes).\n - platform/x86: acer-wmi: add automatic keyboard background light toggle\n key as KEY_LIGHTS_TOGGLE (git-fixes).\n - platform/x86: dell-smbios-base: Fix error return code in\n dell_smbios_init (git-fixes).\n - platform/x86: mlx-platform: Fix item counter assignment for MSN2700,\n MSN24xx systems (git-fixes).\n - platform/x86: mlx-platform: Remove PSU EEPROM from MSN274x platform\n configuration (git-fixes).\n - platform/x86: mlx-platform: Remove PSU EEPROM from default platform\n configuration (git-fixes).\n - platform/x86: mlx-platform: remove an unused variable (git-fixes).\n - power: supply: bq24190_charger: fix reference leak (git-fixes).\n - power: supply: bq27xxx_battery: Silence deferred-probe error (git-fixes).\n - powerpc/64: Set up a kernel stack for secondaries before cpu_restore()\n (bsc#1065729).\n - powerpc/64s/pseries: Fix hash tlbiel_all_isa300 for guest kernels\n (bsc#1179888 ltc#190253).\n - powerpc/64s: Fix hash ISA v3.0 TLBIEL instruction generation\n (bsc#1055117 ltc#159753 git-fixes bsc#1179888 ltc#190253).\n - powerpc/pci: Fix broken INTx configuration via OF (bsc#1172145\n ltc#184630).\n - powerpc/pci: Remove LSI mappings on device teardown (bsc#1172145\n ltc#184630).\n - powerpc/pci: Remove legacy debug code (bsc#1172145 ltc#184630 git-fixes).\n - powerpc/pci: Use of_irq_parse_and_map_pci() helper (bsc#1172145\n ltc#184630).\n - powerpc/perf: Add generic compat mode pmu driver (bsc#1178900\n ltc#189284).\n - powerpc/perf: Fix crash with is_sier_available when pmu is not set\n (bsc#1179578 ltc#189313).\n - powerpc/perf: Fix crashes with generic_compat_pmu & BHRB (bsc#1178900\n ltc#189284 git-fixes).\n - powerpc/perf: init pmu from core-book3s (bsc#1178900 ltc#189284).\n - powerpc/pseries/hibernation: remove redundant cacheinfo update\n (bsc#1138374 ltc#178199 git-fixes).\n - powerpc/pseries: Pass MSI affinity to irq_create_mapping() (bsc#1065729).\n - powerpc/smp: Add __init to init_big_cores() (bsc#1109695 ltc#171067\n git-fixes).\n - powerpc/xmon: Change printk() to pr_cont() (bsc#1065729).\n - powerpc: Convert to using %pOF instead of full_name (bsc#1172145\n ltc#184630).\n - powerpc: Fix incorrect stw{, ux, u, x} instructions in __set_pte_at\n (bsc#1065729).\n - ppp: remove the PPPIOCDETACH ioctl (git-fixes).\n - pwm: lp3943: Dynamically allocate PWM chip base (git-fixes).\n - quota: clear padding in v2r1_mem2diskdqb() (bsc#1179714).\n - radeon: insert 10ms sleep in dce5_crtc_load_lut (git-fixes).\n - ravb: Fix use-after-free ravb_tstamp_skb (git-fixes).\n - regmap: Remove duplicate `type` field from regmap `regcache_sync` trace\n event (git-fixes).\n - regmap: debugfs: check count when read regmap file (git-fixes).\n - regmap: dev_get_regmap_match(): fix string comparison (git-fixes).\n - regulator: max8907: Fix the usage of uninitialized variable in\n max8907_regulator_probe() (git-fixes).\n - regulator: pfuze100-regulator: Variable \"val\" in\n pfuze100_regulator_probe() could be uninitialized (git-fixes).\n - regulator: ti-abb: Fix timeout in\n ti_abb_wait_txdone/ti_abb_clear_all_txdone (git-fixes).\n - reiserfs: Fix oops during mount (bsc#1179715).\n - reiserfs: Initialize inode keys properly (bsc#1179713).\n - remoteproc: Fix wrong rvring index computation (git-fixes).\n - rfkill: Fix incorrect check to avoid NULL pointer dereference\n (git-fixes).\n - rpm/kernel-binary.spec.in: avoid using barewords (bsc#1179014)\n - rpm/kernel-binary.spec.in: avoid using more barewords (bsc#1179014)\n - rpm/kernel-binary.spec.in: use grep -E instead of egrep (bsc#1179045)\n - rpm/kernel-obs-build.spec.in: Add -q option to modprobe calls\n (bsc#1178401)\n - rpm/kernel-{source,binary}.spec: do not include ghost symlinks\n (boo#1179082).\n - rtc: 88pm860x: fix possible race condition (git-fixes).\n - rtc: hym8563: enable wakeup when applicable (git-fixes).\n - rtl8xxxu: fix RTL8723BU connection failure issue after warm reboot\n (git-fixes).\n - rtlwifi: fix memory leak in rtl92c_set_fw_rsvdpagepkt() (git-fixes).\n - s390/bpf: Fix multiple tail calls (git-fixes).\n - s390/cpuinfo: show processor physical address (git-fixes).\n - s390/cpum_sf.c: fix file permission for cpum_sfb_size (git-fixes).\n - s390/dasd: fix hanging device offline processing (bsc#1144912).\n - s390/dasd: fix null pointer dereference for ERP requests (git-fixes).\n - s390/pci: fix CPU address in MSI for directed IRQ (git-fixes).\n - s390/qeth: fix af_iucv notification race (git-fixes).\n - s390/qeth: fix tear down of async TX buffers (git-fixes).\n - s390/qeth: make af_iucv TX notification call more robust (git-fixes).\n - s390/stp: add locking to sysfs functions (git-fixes).\n - s390/zcrypt: Fix ZCRYPT_PERDEV_REQCNT ioctl (git-fixes).\n - scripts/lib/SUSE/MyBS.pm: properly close prjconf Macros: section\n - scsi: Remove unneeded break statements (bsc#1164780).\n - scsi: core: Fix VPD LUN ID designator priorities (bsc#1178049,\n git-fixes).\n - scsi: lpfc: Add FDMI Vendor MIB support (bsc#1164780).\n - scsi: lpfc: Convert SCSI I/O completions to SLI-3 and SLI-4 handlers\n (bsc#1164780).\n - scsi: lpfc: Convert SCSI path to use common I/O submission path\n (bsc#1164780).\n - scsi: lpfc: Convert abort handling to SLI-3 and SLI-4 handlers\n (bsc#1164780).\n - scsi: lpfc: Correct null ndlp reference on routine exit (bsc#1164780).\n - scsi: lpfc: Drop nodelist reference on error in lpfc_gen_req()\n (bsc#1164780).\n - scsi: lpfc: Enable common send_io interface for SCSI and NVMe\n (bsc#1164780).\n - scsi: lpfc: Enable common wqe_template support for both SCSI and NVMe\n (bsc#1164780).\n - scsi: lpfc: Enlarge max_sectors in scsi host templates (bsc#1164780).\n - scsi: lpfc: Extend the RDF FPIN Registration descriptor for additional\n events (bsc#1164780).\n - scsi: lpfc: Fix FLOGI/PLOGI receive race condition in pt2pt discovery\n (bsc#1164780).\n - scsi: lpfc: Fix NPIV Fabric Node reference counting (bsc#1164780).\n - scsi: lpfc: Fix NPIV discovery and Fabric Node detection (bsc#1164780).\n - scsi: lpfc: Fix duplicate wq_create_version check (bsc#1164780).\n - scsi: lpfc: Fix fall-through warnings for Clang (bsc#1164780).\n - scsi: lpfc: Fix invalid sleeping context in lpfc_sli4_nvmet_alloc()\n (bsc#1164780).\n - scsi: lpfc: Fix memory leak on lcb_context (bsc#1164780).\n - scsi: lpfc: Fix missing prototype for lpfc_nvmet_prep_abort_wqe()\n (bsc#1164780).\n - scsi: lpfc: Fix missing prototype warning for lpfc_fdmi_vendor_attr_mi()\n (bsc#1164780).\n - scsi: lpfc: Fix pointer defereference before it is null checked issue\n (bsc#1164780).\n - scsi: lpfc: Fix refcounting around SCSI and NVMe transport APIs\n (bsc#1164780).\n - scsi: lpfc: Fix removal of SCSI transport device get and put on dev\n structure (bsc#1164780).\n - scsi: lpfc: Fix scheduling call while in softirq context in\n lpfc_unreg_rpi (bsc#1164780).\n - scsi: lpfc: Fix set but not used warnings from Rework remote port lock\n handling (bsc#1164780).\n - scsi: lpfc: Fix set but unused variables in lpfc_dev_loss_tmo_handler()\n (bsc#1164780).\n - scsi: lpfc: Fix spelling mistake \"Cant\" -> \"Can't\" (bsc#1164780).\n - scsi: lpfc: Fix variable 'vport' set but not used in\n lpfc_sli4_abts_err_handler() (bsc#1164780).\n - scsi: lpfc: Refactor WQE structure definitions for common use\n (bsc#1164780).\n - scsi: lpfc: Reject CT request for MIB commands (bsc#1164780).\n - scsi: lpfc: Remove dead code on second !ndlp check (bsc#1164780).\n - scsi: lpfc: Remove ndlp when a PLOGI/ADISC/PRLI/REG_RPI ultimately fails\n (bsc#1164780).\n - scsi: lpfc: Remove set but not used 'qp' (bsc#1164780).\n - scsi: lpfc: Remove unneeded variable 'status' in\n lpfc_fcp_cpu_map_store() (bsc#1164780).\n - scsi: lpfc: Removed unused macros in lpfc_attr.c (bsc#1164780).\n - scsi: lpfc: Rework locations of ndlp reference taking (bsc#1164780).\n - scsi: lpfc: Rework remote port lock handling (bsc#1164780).\n - scsi: lpfc: Rework remote port ref counting and node freeing\n (bsc#1164780).\n - scsi: lpfc: Unsolicited ELS leaves node in incorrect state while\n dropping it (bsc#1164780).\n - scsi: lpfc: Update changed file copyrights for 2020 (bsc#1164780).\n - scsi: lpfc: Update lpfc version to 12.8.0.4 (bsc#1164780).\n - scsi: lpfc: Update lpfc version to 12.8.0.5 (bsc#1164780).\n - scsi: lpfc: Update lpfc version to 12.8.0.6 (bsc#1164780).\n - scsi: lpfc: Use generic power management (bsc#1164780).\n - scsi: lpfc: lpfc_attr: Demote kernel-doc format for redefined functions\n (bsc#1164780).\n - scsi: lpfc: lpfc_attr: Fix-up a bunch of kernel-doc misdemeanours\n (bsc#1164780).\n - scsi: lpfc: lpfc_debugfs: Fix a couple of function documentation issues\n (bsc#1164780).\n - scsi: lpfc: lpfc_scsi: Fix a whole host of kernel-doc issues\n (bsc#1164780).\n - scsi: qla2xxx: Change post del message from debug level to log level\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Convert to DEFINE_SHOW_ATTRIBUTE (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Do not check for fw_started while posting NVMe command\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Do not consume srb greedily (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix FW initialization error on big endian machines\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix compilation issue in PPC systems (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix crash during driver load on big endian machines\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix device loss on 4G and older HBAs (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix return of uninitialized value in rval (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Fix the call trace for flush workqueue (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Handle incorrect entry_type entries (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Move sess cmd list/lock to driver (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Remove trailing semicolon in macro definition\n (bsc#1172538 bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Return EBUSY on fcport deletion (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Tear down session if FW say it is down (bsc#1172538\n bsc#1179142 bsc#1179810).\n - scsi: qla2xxx: Update version to 10.02.00.104-k (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: Use constant when it is known (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: qla2xxx: remove incorrect sparse #ifdef (bsc#1172538 bsc#1179142\n bsc#1179810).\n - scsi: storvsc: Fix error return in storvsc_probe() (git-fixes).\n - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (bsc#1172538\n bsc#1179142 bsc#1179810).\n - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access\n (git-fixes).\n - serial: 8250_pci: Add Realtek 816a and 816b (git-fixes).\n - serial: amba-pl011: Make sure we initialize the port.lock spinlock\n (git-fixes).\n - serial: ar933x_uart: set UART_CS_{RX,TX}_READY_ORIDE (git-fixes).\n - serial: txx9: add missing platform_driver_unregister() on error in\n serial_txx9_init (git-fixes).\n - serial_core: Check for port state when tty is in error state (git-fixes).\n - soc/tegra: fuse: Fix index bug in get_process_id (git-fixes).\n - soc: imx: gpc: fix power up sequencing (git-fixes).\n - soc: mediatek: Check if power domains can be powered on at boot time\n (git-fixes).\n - soc: qcom: smp2p: Safely acquire spinlock without IRQs (git-fixes).\n - soc: ti: Fix reference imbalance in knav_dma_probe (git-fixes).\n - soc: ti: knav_qmss: fix reference leak in knav_queue_probe (git-fixes).\n - spi: Add call to spi_slave_abort() function when spidev driver is\n released (git-fixes).\n - spi: Fix memory leak on splited transfers (git-fixes).\n - spi: bcm63xx-hsspi: fix missing clk_disable_unprepare() on error in\n bcm63xx_hsspi_resume (git-fixes).\n - spi: davinci: Fix use-after-free on unbind (git-fixes).\n - spi: dw: Enable interrupts in accordance with DMA xfer mode (git-fixes).\n - spi: dw: Fix Rx-only DMA transfers (git-fixes).\n - spi: dw: Return any value retrieved from the dma_transfer callback\n (git-fixes).\n - spi: img-spfi: fix potential double release (git-fixes).\n - spi: img-spfi: fix reference leak in img_spfi_resume (git-fixes).\n - spi: pic32: Do not leak DMA channels in probe error path (git-fixes).\n - spi: pxa2xx: Add missed security checks (git-fixes).\n - spi: spi-cavium-thunderx: Add missing pci_release_regions() (git-fixes).\n - spi: spi-loopback-test: Fix out-of-bounds read (git-fixes).\n - spi: spi-mem: Fix passing zero to 'PTR_ERR' warning (git-fixes).\n - spi: spi-mem: fix reference leak in spi_mem_access_start (git-fixes).\n - spi: spi-ti-qspi: fix reference leak in ti_qspi_setup (git-fixes).\n - spi: spidev: fix a potential use-after-free in spidev_release()\n (git-fixes).\n - spi: st-ssc4: Fix unbalanced pm_runtime_disable() in probe error path\n (git-fixes).\n - spi: st-ssc4: add missed pm_runtime_disable (git-fixes).\n - spi: tegra114: fix reference leak in tegra spi ops (git-fixes).\n - spi: tegra20-sflash: fix reference leak in tegra_sflash_resume\n (git-fixes).\n - spi: tegra20-slink: add missed clk_unprepare (git-fixes).\n - spi: tegra20-slink: fix reference leak in slink ops of tegra20\n (git-fixes).\n - splice: only read in as much information as there is pipe buffer space\n (bsc#1179520).\n - staging: comedi: check validity of wMaxPacketSize of usb endpoints found\n (git-fixes).\n - staging: comedi: gsc_hpdi: check dma_alloc_coherent() return value\n (git-fixes).\n - staging: comedi: mf6x4: Fix AI end-of-conversion detection (git-fixes).\n - staging: olpc_dcon: Do not call platform_device_unregister() in\n dcon_probe() (git-fixes).\n - staging: olpc_dcon: add a missing dependency (git-fixes).\n - staging: rtl8188eu: Add device code for TP-Link TL-WN727N v5.21\n (git-fixes).\n - staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 (git-fixes).\n - staging: rtl8188eu: fix possible null dereference (git-fixes).\n - staging: rtl8192u: fix multiple memory leaks on error path (git-fixes).\n - staging: vt6656: set usb_set_intfdata on driver fail (git-fixes).\n - staging: wlan-ng: fix out of bounds read in prism2sta_probe_usb()\n (git-fixes).\n - staging: wlan-ng: properly check endpoint types (git-fixes).\n - sunrpc: fixed rollback in rpc_gssd_dummy_populate() (git-fixes).\n - thunderbolt: Use 32-bit writes when writing ring producer/consumer\n (git-fixes).\n - timer: Fix wheel index calculation on last level (git fixes)\n - timer: Prevent base->clk from moving backward (git-fixes)\n - tty: Fix ->pgrp locking in tiocspgrp() (git-fixes).\n - tty: always relink the port (git-fixes).\n - tty: link tty and port before configuring it as console (git-fixes).\n - tty: synclink_gt: Adjust indentation in several functions (git-fixes).\n - tty: synclinkmp: Adjust indentation in several functions (git-fixes).\n - tty:serial:mvebu-uart:fix a wrong return (git-fixes).\n - uapi/if_ether.h: move __UAPI_DEF_ETHHDR libc define (git-fixes).\n - uapi/if_ether.h: prevent redefinition of struct ethhdr (git-fixes).\n - usb: chipidea: ci_hdrc_imx: Pass DISABLE_DEVICE_STREAMING flag to imx6ul\n (git-fixes).\n - usb: chipidea: ci_hdrc_imx: add missing put_device() call in\n usbmisc_get_init_data() (git-fixes).\n - usb: dwc2: Fix IN FIFO allocation (git-fixes).\n - usb: dwc3: remove the call trace of USBx_GFLADJ (git-fixes).\n - usb: dwc3: ulpi: Use VStsDone to detect PHY regs access completion\n (git-fixes).\n - usb: ehci-omap: Fix PM disable depth umbalance in ehci_hcd_omap_probe\n (git-fixes).\n - usb: fsl: Check memory resource before releasing it (git-fixes).\n - usb: gadget: composite: Fix possible double free memory bug (git-fixes).\n - usb: gadget: configfs: Fix missing spin_lock_init() (git-fixes).\n - usb: gadget: configfs: Preserve function ordering after bind failure\n (git-fixes).\n - usb: gadget: configfs: fix concurrent issue between composite APIs\n (git-fixes).\n - usb: gadget: f_fs: Use local copy of descriptors for userspace copy\n (git-fixes).\n - usb: gadget: f_uac2: reset wMaxPacketSize (git-fixes).\n - usb: gadget: ffs: ffs_aio_cancel(): Save/restore IRQ flags (git-fixes).\n - usb: gadget: fix wrong endpoint desc (git-fixes).\n - usb: gadget: goku_udc: fix potential crashes in probe (git-fixes).\n - usb: gadget: net2280: fix memory leak on probe error handling paths\n (git-fixes).\n - usb: gadget: select CONFIG_CRC32 (git-fixes).\n - usb: gadget: serial: fix Tx stall after buffer overflow (git-fixes).\n - usb: gadget: udc: fix possible sleep-in-atomic-context bugs in\n gr_probe() (git-fixes).\n - usb: gadget: udc: gr_udc: fix memleak on error handling path in\n gr_ep_init() (git-fixes).\n - usb: hso: Fix debug compile warning on sparc32 (git-fixes).\n - usb: musb: omap2430: Get rid of musb .set_vbus for omap2430 glue\n (git-fixes).\n - usb: oxu210hp-hcd: Fix memory leak in oxu_create (git-fixes).\n - usb: usbfs: Suppress problematic bind and unbind uevents (git-fixes).\n - usblp: poison URBs upon disconnect (git-fixes).\n - usbnet: ipheth: fix connectivity with iOS 14 (git-fixes).\n - video: fbdev: neofb: fix memory leak in neo_scan_monitor() (git-fixes).\n - vt: Reject zero-sized screen buffer size (git-fixes).\n - vt: do not hardcode the mem allocation upper bound (git-fixes).\n - wan: ds26522: select CONFIG_BITREVERSE (git-fixes).\n - watchdog: coh901327: add COMMON_CLK dependency (git-fixes).\n - watchdog: da9062: No need to ping manually before setting timeout\n (git-fixes).\n - watchdog: da9062: do not ping the hw during stop() (git-fixes).\n - watchdog: qcom: Avoid context switch in restart handler (git-fixes).\n - watchdog: sirfsoc: Add missing dependency on HAS_IOMEM (git-fixes).\n - wil6210: select CONFIG_CRC32 (git-fixes).\n - wimax: fix duplicate initializer warning (git-fixes).\n - wireless: Use linux/stddef.h instead of stddef.h (git-fixes).\n - wireless: Use offsetof instead of custom macro (git-fixes).\n - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz\n (bsc#1112178).\n - x86/i8259: Use printk_deferred() to prevent deadlock (bsc#1112178).\n - x86/insn-eval: Use new for_each_insn_prefix() macro to loop over\n prefixes bytes (bsc#1112178).\n - x86/mm/ident_map: Check for errors from ident_pud_init() (bsc#1112178).\n - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (bsc#1112178).\n - x86/mm/numa: Remove uninitialized_var() usage (bsc#1112178).\n - x86/mm: Fix leak of pmd ptlock (bsc#1112178).\n - x86/mtrr: Correct the range check before performing MTRR type lookups\n (bsc#1112178).\n - x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak\n (bsc#1112178).\n - x86/resctrl: Do not move a task to the same resource group (bsc#1112178).\n - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled\n (bsc#1112178).\n - x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount\n leak (bsc#1112178).\n - x86/resctrl: Remove unused struct mbm_state::chunks_bw (bsc#1112178).\n - x86/resctrl: Use an IPI instead of task_work_add() to update PQR_ASSOC\n MSR (bsc#1112178).\n - x86/speculation: Fix prctl() when spectre_v2_user={seccomp,prctl},ibpb\n (bsc#1112178).\n - x86/tracing: Introduce a static key for exception tracing (bsc#1179895).\n - x86/traps: Simplify pagefault tracing logic (bsc#1179895).\n - x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes\n (bsc#1112178).\n - xhci: Give USB2 ports time to enter U3 in bus suspend (git-fixes).\n - xprtrdma: fix incorrect header size calculations (git-fixes).\n\n\nSpecial Instructions and Notes:\n\n Please reboot the system after installing this update.\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2021-75=1", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2021-01-16T00:00:00", "type": "suse", "title": "Security update for the Linux Kernel (important)", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-20934", "CVE-2020-0444", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-11668", "CVE-2020-25639", "CVE-2020-27068", "CVE-2020-27777", "CVE-2020-27786", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2020-4788"], "modified": "2021-01-16T00:00:00", "id": "OPENSUSE-SU-2021:0075-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/H7EJISS2OPKUSJFJ2BG5ZWHA2Z6H3VQB/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}