An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: some errors are ignored, so that the success of those batch elements is effectively inferred from the success of related batch elements. In other cases, an error resulting from one batch element leads to further batch elements not being inspected, so that successful ones cannot be properly unmapped upon error recovery. Only systems with Linux backends running in PV mode are vulnerable; Linux backends running in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.
{"id": "DEBIANCVE:CVE-2021-26932", "vendorId": null, "type": "debiancve", "bulletinFamily": "info", "title": "CVE-2021-26932", "description": "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. 
This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.", "published": "2021-02-17T02:15:00", "modified": "2021-02-17T02:15:00", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.9}, "severity": "LOW", "exploitabilityScore": 3.4, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://security-tracker.debian.org/tracker/CVE-2021-26932", "reporter": "Debian Security Bug Tracker", "references": [], "cvelist": ["CVE-2021-26932"], "immutableFields": [], "lastseen": "2022-06-23T06:00:18", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2021-1487", "ALAS2-2021-1616"]}, {"type": "citrix", "idList": ["CTX296603"]}, {"type": "cve", "idList": ["CVE-2021-26932"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2586-1:6B2FD", "DEBIAN:DLA-2610-1:A54F6"]}, {"type": "fedora", "idList": ["FEDORA:14B79306C927", "FEDORA:38CB530B1D04"]}, {"type": "freebsd", "idList": ["5B8C6E1E-770F-11EB-B87A-901B0EF719AB"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1616.NASL", "ALA_ALAS-2021-1487.NASL", "DEBIAN_DLA-2586.NASL", "DEBIAN_DLA-2610.NASL", "FEDORA_2021-7143ACA8CB.NASL", "FEDORA_2021-8D45D297C6.NASL", 
"FREEBSD_PKG_5B8C6E1E770F11EBB87A901B0EF719AB.NASL", "OPENSUSE-2021-393.NASL", "ORACLELINUX_ELSA-2021-9051.NASL", "ORACLELINUX_ELSA-2021-9052.NASL", "ORACLELINUX_ELSA-2021-9053.NASL", "ORACLELINUX_ELSA-2021-9057.NASL", "ORACLELINUX_ELSA-2021-9058.NASL", "ORACLELINUX_ELSA-2021-9067.NASL", "ORACLELINUX_ELSA-2021-9068.NASL", "ORACLELINUX_ELSA-2021-9079.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "ORACLELINUX_ELSA-2021-9135.NASL", "ORACLELINUX_ELSA-2021-9136.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0736-1.NASL", "SUSE_SU-2021-0737-1.NASL", "SUSE_SU-2021-0740-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-0743-1.NASL", "SUSE_SU-2021-0744-1.NASL", "SUSE_SU-2021-1175-1.NASL", "SUSE_SU-2021-1210-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9051", "ELSA-2021-9052", "ELSA-2021-9053", "ELSA-2021-9057", "ELSA-2021-9058", "ELSA-2021-9067", "ELSA-2021-9068", "ELSA-2021-9079", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9135", "ELSA-2021-9136", "ELSA-2021-9140"]}, {"type": "photon", "idList": ["PHSA-2021-0007", "PHSA-2021-0201"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0393-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-26932"]}, {"type": "xen", "idList": ["XSA-361"]}], "rev": 4}, "score": {"value": 4.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "amazon", "idList": ["ALAS-2021-1487", "ALAS2-2021-1616"]}, {"type": "citrix", "idList": ["CTX296603"]}, {"type": "cve", "idList": ["CVE-2021-26932"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2586-1:6B2FD"]}, {"type": "fedora", "idList": ["FEDORA:14B79306C927", "FEDORA:38CB530B1D04"]}, {"type": "freebsd", "idList": ["5B8C6E1E-770F-11EB-B87A-901B0EF719AB"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1616.NASL", "ALA_ALAS-2021-1487.NASL", "DEBIAN_DLA-2586.NASL", "FEDORA_2021-7143ACA8CB.NASL", "FEDORA_2021-8D45D297C6.NASL", "FREEBSD_PKG_5B8C6E1E770F11EBB87A901B0EF719AB.NASL", "OPENSUSE-2021-393.NASL", "ORACLELINUX_ELSA-2021-9052.NASL", 
"ORACLELINUX_ELSA-2021-9053.NASL", "ORACLELINUX_ELSA-2021-9058.NASL", "ORACLELINUX_ELSA-2021-9067.NASL", "ORACLELINUX_ELSA-2021-9068.NASL", "ORACLELINUX_ELSA-2021-9079.NASL", "ORACLELINUX_ELSA-2021-9085.NASL", "ORACLELINUX_ELSA-2021-9086.NASL", "SUSE_SU-2021-0735-1.NASL", "SUSE_SU-2021-0736-1.NASL", "SUSE_SU-2021-0737-1.NASL", "SUSE_SU-2021-0740-1.NASL", "SUSE_SU-2021-0741-1.NASL", "SUSE_SU-2021-0743-1.NASL", "SUSE_SU-2021-0744-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-9051", "ELSA-2021-9053", "ELSA-2021-9057", "ELSA-2021-9058", "ELSA-2021-9067", "ELSA-2021-9068", "ELSA-2021-9079", "ELSA-2021-9085", "ELSA-2021-9086", "ELSA-2021-9135", "ELSA-2021-9136"]}, {"type": "photon", "idList": ["PHSA-2021-0007", "PHSA-2021-0201", "PHSA-2021-0322", "PHSA-2021-0366"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0393-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-26932"]}, {"type": "xen", "idList": ["XSA-361"]}]}, "exploitation": null, "vulnersScore": 4.4}, "_state": {"dependencies": 0}, "_internal": {}, "affectedPackage": [{"OS": "Debian", "OSVersion": "12", "arch": "all", "packageFilename": "linux_5.18.5-1_all.deb", "packageVersion": "5.18.5-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "11", "arch": "all", "packageFilename": "linux_5.10.106-1_all.deb", "packageVersion": "5.10.106-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "10", "arch": "all", "packageFilename": "linux_4.19.235-1_all.deb", "packageVersion": "4.19.235-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "999", "arch": "all", "packageFilename": "linux_5.18.5-1_all.deb", "packageVersion": "5.18.5-1", "operator": "lt", "status": "resolved", "packageName": "linux"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "linux_4.9.228-1_all.deb", "packageVersion": "4.9.228-1", "operator": "lt", "status": "resolved", 
"packageName": "linux"}, {"OS": "Debian", "OSVersion": "9", "arch": "all", "packageFilename": "linux-4.19_4.19.181-1~deb9u1_all.deb", "packageVersion": "4.19.181-1~deb9u1", "operator": "lt", "status": "resolved", "packageName": "linux-4.19"}]}
{"ubuntucve": [{"lastseen": "2022-02-17T11:34:28", "description": "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by\nXen. Grant mapping operations often occur in batch hypercalls, where a\nnumber of operations are done in a single hypercall, the success or failure\nof each one is reported to the backend driver, and the backend driver then\nloops over the results, performing follow-up actions based on the success\nor failure of each operation. Unfortunately, when running in PV mode, the\nLinux backend drivers mishandle this: Some errors are ignored, effectively\nimplying their success from the success of related batch elements. In other\ncases, errors resulting from one batch element lead to further batch\nelements not being inspected, and hence successful ones to not be possible\nto properly unmap upon error recovery. Only systems with Linux backends\nrunning in PV mode are vulnerable. Linux backends run in HVM / PVH modes\nare not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-17T00:00:00", "type": "ubuntucve", "title": "CVE-2021-26932", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, 
"acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26932"], "modified": "2021-02-17T00:00:00", "id": "UB:CVE-2021-26932", "href": "https://ubuntu.com/security/CVE-2021-26932", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "xen": [{"lastseen": "2022-02-09T20:38:38", "description": "#### ISSUE DESCRIPTION\nGrant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation.\nUnfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery.\n#### IMPACT\nA malicious or buggy frontend driver may be able to crash the corresponding backend driver, causing a denial of service potentially affecting the entire domain running the backend driver.\nA malicious or buggy frontend driver may be able to cause resource leaks in the domain running the corresponding backend driver, leading to a denial of service.\n#### VULNERABLE SYSTEMS\nAll Linux versions back to at least 3.2 are vulnerable, when running in PV mode on x86 or when running on Arm.\nOn x86, only systems with Linux backends running in PV mode are vulnerable. 
Linux backends run in HVM / PVH modes are not vulnerable.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-16T12:00:00", "type": "xen", "title": "Linux: grant mapping error handling issues", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26932"], "modified": "2021-02-16T12:35:00", "id": "XSA-361", "href": "http://xenbits.xen.org/xsa/advisory-361.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:30", "description": "\n\nProblem Description:\nGrant mapping operations often occur in batch hypercalls, where a\n\tnumber of operations are done in a single hypercall, the success or\n\tfailure of each one reported to the backend driver, and the backend\n\tdriver then loops over the results, performing follow-up actions\n\tbased on the success or failure of each operation.\nUnfortunately, when running in HVM/PVH mode, the FreeBSD backend\n\tdrivers mishandle this: Some errors are ignored, effectively implying\n\ttheir success from the success of related batch elements. 
In other\n\tcases, errors resulting from one batch element lead to further batch\n\telements not being inspected, and hence successful ones to not be\n\tpossible to properly unmap upon error recovery.\nImpact:\nA malicious or buggy frontend driver may be able to cause resource\n\tleaks in the domain running the corresponding backend driver.\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-02-24T00:00:00", "type": "freebsd", "title": "FreeBSD -- Xen grant mapping error handling issues", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26932"], "modified": "2021-02-24T00:00:00", "id": "5B8C6E1E-770F-11EB-B87A-901B0EF719AB", "href": "https://vuxml.freebsd.org/freebsd/5b8c6e1e-770f-11eb-b87a-901b0ef719ab.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2022-06-16T14:54:10", "description": "Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions 
based on the success or failure of each operation.\n\nUnfortunately, when running in HVM/PVH mode, the FreeBSD backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Impact : A malicious or buggy frontend driver may be able to cause resource leaks in the domain running the corresponding backend driver.", "cvss3": {"score": 5.5, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-02-25T00:00:00", "type": "nessus", "title": "FreeBSD : FreeBSD -- Xen grant mapping error handling issues (5b8c6e1e-770f-11eb-b87a-901b0ef719ab)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26932"], "modified": "2021-03-01T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:FreeBSD", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_5B8C6E1E770F11EBB87A901B0EF719AB.NASL", "href": "https://www.tenable.com/plugins/nessus/146833", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146833);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/01\");\n\n script_cve_id(\"CVE-2021-26932\");\n script_xref(name:\"FreeBSD\", value:\"SA-21:06.xen\");\n\n script_name(english:\"FreeBSD : FreeBSD -- Xen grant mapping error handling issues (5b8c6e1e-770f-11eb-b87a-901b0ef719ab)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Grant mapping operations often occur in batch hypercalls, where a\nnumber of operations are done in a single hypercall, the success or\nfailure of each one reported to the backend 
driver, and the backend\ndriver then loops over the results, performing follow-up actions based\non the success or failure of each operation.\n\nUnfortunately, when running in HVM/PVH mode, the FreeBSD backend\ndrivers mishandle this: Some errors are ignored, effectively implying\ntheir success from the success of related batch elements. In other\ncases, errors resulting from one batch element lead to further batch\nelements not being inspected, and hence successful ones to not be\npossible to properly unmap upon error recovery. Impact : A malicious\nor buggy frontend driver may be able to cause resource leaks in the\ndomain running the corresponding backend driver.\"\n );\n # https://vuxml.freebsd.org/freebsd/5b8c6e1e-770f-11eb-b87a-901b0ef719ab.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?10ec28c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26932\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:FreeBSD\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=12.2<12.2_4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"FreeBSD>=11.4<11.4_8\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:pkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-06-16T14:53:50", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9068 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. 
Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9068)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9068.NASL", "href": "https://www.tenable.com/plugins/nessus/146587", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9068.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146587);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9068)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9068 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9068.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.500.10.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if 
(!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:54:44", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9058 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. 
In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9058)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9058.NASL", "href": "https://www.tenable.com/plugins/nessus/146549", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9058.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146549);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9058)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9058 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. 
In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9058.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.500.9.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if 
(!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:55:45", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9135 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9135)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9135.NASL", "href": "https://www.tenable.com/plugins/nessus/148036", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9135.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148036);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9135)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote 
Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9135 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. 
For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9135.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.500.9.3.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9135');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.500.9.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n 
{'reference':'kernel-uek-debug-4.14.35-2047.500.9.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.500.9.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.500.9.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.500.9.3.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.500.9.3.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'python-perf-4.14.35-2047.500.9.3.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, 
"vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:56:13", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9052 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. 
In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-15T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9052)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9052.NASL", "href": "https://www.tenable.com/plugins/nessus/147804", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9052.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147804);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n 
script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9052)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9052 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9052.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.500.9.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9052');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + 
join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.500.9.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.500.9.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.500.9.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.500.9.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.500.9.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n 
{'reference':'kernel-uek-headers-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.500.9.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.500.9.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:58:23", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9057 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. 
Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9057)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9057.NASL", "href": "https://www.tenable.com/plugins/nessus/148548", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9057.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148548);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9057)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9057 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. 
In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9057.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.103.3.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.103.3.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.103.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n 
{'reference':'kernel-uek-container-debug-5.4.17-2036.103.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / 
kernel-uek-container-debug');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:53:27", "description": "The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8d45d297c6 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. 
Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "Fedora 32 : kernel (2021-8d45d297c6)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:32", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-8D45D297C6.NASL", "href": "https://www.tenable.com/plugins/nessus/146894", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-8d45d297c6\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146894);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n script_xref(name:\"FEDORA\", value:\"2021-8d45d297c6\");\n\n script_name(english:\"Fedora 32 : kernel (2021-8d45d297c6)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 
32 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-8d45d297c6 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. 
In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-8d45d297c6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^32([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-26930', 'CVE-2021-26931', 'CVE-2021-26932');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-8d45d297c6');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.10.18-100.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:53:32", "description": "The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-7143aca8cb advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. 
Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "Fedora 33 : kernel (2021-7143aca8cb)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-04-12T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:33", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2021-7143ACA8CB.NASL", "href": "https://www.tenable.com/plugins/nessus/146905", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2021-7143aca8cb\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146905);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/12\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n script_xref(name:\"FEDORA\", value:\"2021-7143aca8cb\");\n\n script_name(english:\"Fedora 33 : kernel (2021-7143aca8cb)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2021-7143aca8cb advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. 
In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2021-7143aca8cb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 33', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n cve_list = make_list('CVE-2021-26930', 'CVE-2021-26931', 'CVE-2021-26932');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2021-7143aca8cb');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\npkgs = [\n {'reference':'kernel-5.10.18-200.fc33', 'release':'FC33', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = 
package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:59:18", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9051 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. 
Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9051)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9051.NASL", "href": "https://www.tenable.com/plugins/nessus/148546", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9051.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148546);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9051)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9051 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. 
To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. 
Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9051.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.48.3.1.el6uek', '4.1.12-124.48.3.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9051');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.48.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.48.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.48.3.1.el6uek', 
'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.48.3.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.48.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.48.3.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.48.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.48.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.48.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.48.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.48.3.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.48.3.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = 
package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:55:42", "description": "The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2021-9136 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9136)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2021-9136.NASL", "href": "https://www.tenable.com/plugins/nessus/148088", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9136.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148088);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2021-9136)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2021-9136 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9136.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.500.9.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if 
(!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:54:31", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9067 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-19T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9067)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9067.NASL", "href": "https://www.tenable.com/plugins/nessus/146588", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9067.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146588);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2021-9067)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote 
Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-9067 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. 
For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9067.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.500.10.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9067');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.500.10.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n 
{'reference':'kernel-uek-debug-4.14.35-2047.500.10.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.500.10.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.500.10.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.500.10.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.500.10.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'python-perf-4.14.35-2047.500.10.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, 
"vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:54:26", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9053 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. 
In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9053)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9053.NASL", "href": "https://www.tenable.com/plugins/nessus/146534", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9053.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146534);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel 
(ELSA-2021-9053)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9053 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. 
Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9053.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2036.103.3.1.el7uek', '5.4.17-2036.103.3.1.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9053');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.103.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.103.3.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.103.3.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2036.103.3.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2036.103.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.103.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.103.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.103.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.103.3.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.103.3.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:57:23", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9079 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. 
In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-144161459 (CVE-2020-0431)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. 
This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-03T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9079)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0431", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2021-9079.NASL", "href": "https://www.tenable.com/plugins/nessus/146993", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9079.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146993);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-0431\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2021-9079)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9079 
advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. 
(CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9079.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.48.5.el6uek', '4.1.12-124.48.5.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9079');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.48.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.48.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.48.5.el6uek', 'cpu':'x86_64', 
'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.48.5.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.48.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.48.5.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.48.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.48.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.48.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.48.5.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.48.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.48.5.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:55:16", "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code 
which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0743-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-kgraft", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_141-default", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_141-default-debuginfo", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0743-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147544", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0743-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147544);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n 
script_cve_id(\"CVE-2020-28374\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0743-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP3 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI\ntarget code which could have been used by remote attackers to read or\nwrite files via directory traversal in an XCOPY request (bsc#178372).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177440\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26931/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26932/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210743-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e4b23d6c\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-743=1\n\nSUSE OpenStack Cloud 8 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-8-2021-743=1\n\nSUSE Linux Enterprise Server for SAP 12-SP3 :\n\nzypper in -t patch 
SUSE-SLE-SAP-12-SP3-2021-743=1\n\nSUSE Linux Enterprise Server 12-SP3-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-2021-743=1\n\nSUSE Linux Enterprise Server 12-SP3-BCL :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2021-743=1\n\nSUSE Linux Enterprise High Availability 12-SP3 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP3-2021-743=1\n\nHPE Helion Openstack 8 :\n\nzypper in -t patch HPE-Helion-OpenStack-8-2021-743=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-kgraft\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_141-default\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_180-94_141-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kernel-default-kgraft-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_141-default-1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_180-94_141-default-debuginfo-1-4.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-base-debuginfo-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debuginfo-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-debugsource-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-default-devel-4.4.180-94.141.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"kernel-syms-4.4.180-94.141.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-06-16T14:56:18", "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant 
mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI target code which could have been used by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0744-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-28374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-03-12T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_152-default", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0744-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147597", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0744-1.\n# The text itself is copyright (C) 
SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147597);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/12\");\n\n script_cve_id(\"CVE-2020-28374\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0744-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-28374: Fixed insufficient identifier checking in the LIO SCSI\ntarget code which could have been used by remote attackers to read or\nwrite files via directory traversal in an XCOPY request (bsc#178372).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178372\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-28374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26931/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26932/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210744-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b174d09f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-7-2021-744=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP2-2021-744=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP2-2021-744=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL :\n\nzypper in -t patch 
SUSE-SLE-SERVER-12-SP2-BCL-2021-744=1\n\nSUSE Linux Enterprise High Availability 12-SP2 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP2-2021-744=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_4_121-92_152-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"kgraft-patch-4_4_121-92_152-default-1-3.3.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"s390x\", reference:\"kernel-default-man-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-base-debuginfo-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debuginfo-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-debugsource-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-default-devel-4.4.121-92.152.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"kernel-syms-4.4.121-92.152.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}}, {"lastseen": "2022-05-13T15:06:47", "description": "The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). 
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0740-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base", "p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", 
"cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0740-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147586", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0740-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147586);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0740-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747). by remote attackers to read or write\nfiles via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210740-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?91dafdd0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2021-740=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2021-740=1\n\nSUSE Linux Enterprise Module for Live Patching 15 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-2021-740=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2021-740=1\n\nSUSE Linux Enterprise High Availability 15 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-2021-740=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26930\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-vanilla-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-base-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debuginfo-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-debugsource-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-devel-debuginfo-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-obs-build-debugsource-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-syms-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-base-debuginfo-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debuginfo-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-vanilla-debugsource-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-150.69.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-4.12.14-150.69.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-150.69.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:01:57", "description": "The SUSE Linux Enterprise 15 SP1 kernel was updated receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0737-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0737-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147464", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0737-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147464);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n 
script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0737-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP1 kernel was updated receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747). by remote attackers to read or write\nfiles via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180262\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182130\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210737-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a3eb38ab\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-737=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-737=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-737=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-737=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-737=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-737=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2021-737=1\n\nSUSE Linux 
Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-737=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-737=1\n\nSUSE Linux Enterprise High Availability 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP1-2021-737=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-737=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-zfcpdump-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debuginfo-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", cpu:\"s390x\", reference:\"kernel-zfcpdump-debugsource-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-base-debuginfo-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debuginfo-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-debugsource-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-default-devel-debuginfo-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-obs-build-debugsource-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"kernel-syms-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-4.12.14-197.86.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"reiserfs-kmp-default-debuginfo-4.12.14-197.86.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) 
audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:06:55", "description": "The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0736-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-0736-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147568", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0736-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147568);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:0736-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP4 kernel was updated to receive 
various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747). by remote attackers to read or write\nfiles via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179045\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180906\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210736-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a7c1966e\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation 
methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud Crowbar 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-736=1\n\nSUSE OpenStack Cloud 9 :\n\nzypper in -t patch SUSE-OpenStack-Cloud-9-2021-736=1\n\nSUSE Linux Enterprise Server for SAP 12-SP4 :\n\nzypper in -t patch SUSE-SLE-SAP-12-SP4-2021-736=1\n\nSUSE Linux Enterprise Server 12-SP4-LTSS :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2021-736=1\n\nSUSE Linux Enterprise Live Patching 12-SP4 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2021-736=1\n\nSUSE Linux Enterprise High Availability 12-SP4 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP4-2021-736=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-base-debuginfo-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debuginfo-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-debugsource-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-default-devel-4.12.14-95.71.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"kernel-syms-4.12.14-95.71.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": 
"2022-06-16T14:56:08", "description": "The version of kernel installed on the remote host is prior to 4.14.225-121.357. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2021-1487 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. 
In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-20T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2021-1487)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038"], "modified": "2021-03-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1487.NASL", "href": "https://www.tenable.com/plugins/nessus/147919", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1487.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147919);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/20\");\n\n script_cve_id(\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1487\");\n\n script_name(english:\"Amazon Linux AMI : kernel (ALAS-2021-1487)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a 
security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.225-121.357. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS-2021-1487 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. 
Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. 
A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1487.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28038\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1487\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-i686-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-debuginfo-common-x86_64-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.225-121.357.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.225-121.357.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if 
(!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:57:24", "description": "The version of kernel installed on the remote host is prior to 4.14.225-168.357. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1616 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. 
Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. 
This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-19T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALAS-2021-1616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038"], "modified": "2021-03-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-4.14.225-168.357", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2021-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/147914", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1616.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147914);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/19\");\n\n script_cve_id(\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\"\n );\n script_xref(name:\"ALAS\", value:\"2021-1616\");\n\n script_name(english:\"Amazon 
Linux 2 : kernel (ALAS-2021-1616)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 4.14.225-168.357. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2-2021-1616 advisory.\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. 
Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. 
A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2021-1616.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26930\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26931\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-26932\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27363\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27364\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-27365\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-28038\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-4.14.225-168.357\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n cve_list = make_list(\"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS-2021-1616\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\npkgs = [\n {'reference':'kernel-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'kernel-debuginfo-common-x86_64-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.225-168.357.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-4.14.225-168.357-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'python-perf-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.225-168.357.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-4.14.225-168.357.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-debuginfo / kernel-debuginfo-common-x86_64 / etc\");\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-06-16T14:56:41", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9085 advisory.\n\n - An issue was discovered 
in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-144161459 (CVE-2020-0431)\n\n - Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (ovl:\n stack file ops). This was fixed in kernel version 5.8 by commits 56230d9 (ovl: verify permissions in ovl_path_open()), 48bd024 (ovl: switch to mounter creds in readdir) and 05acefb (ovl: check permission to open real file). 
Additionally, commits 130fdbc (ovl: pass correct flags for opening real directory) and 292f902 (ovl: call secutiry hook in ovl_real_ioctl()) in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (ovl: do not fail because of O_NOATIMEi) in kernel 5.11. (CVE-2020-16120)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after- free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. 
Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9085)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0431", "CVE-2020-16120", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2021-9085.NASL", "href": "https://www.tenable.com/plugins/nessus/147204", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9085.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147204);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-0431\",\n \"CVE-2020-16120\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9085)\");\n\n 
script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9085 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be\n exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. 
It was\n possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by\n the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (ovl:\n stack file ops). This was fixed in kernel version 5.8 by commits 56230d9 (ovl: verify permissions in\n ovl_path_open()), 48bd024 (ovl: switch to mounter creds in readdir) and 05acefb (ovl: check permission\n to open real file). Additionally, commits 130fdbc (ovl: pass correct flags for opening real directory)\n and 292f902 (ovl: call secutiry hook in ovl_real_ioctl()) in kernel 5.8 might also be desired or\n necessary. These additional commits introduced a regression in overlay mounts within user namespaces which\n prevented access to files with ownership outside of the user namespace. This regression was mitigated by\n subsequent commit b6650da (ovl: do not fail because of O_NOATIMEi) in kernel 5.11. (CVE-2020-16120)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-\n free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a\n certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. 
In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9085.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2036.104.4.el7uek', '5.4.17-2036.104.4.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2021-9085');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the 
minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.104.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.104.4.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.104.4.el7uek', 
'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2036.104.4.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2036.104.4.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2036.104.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2036.104.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2036.104.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.4.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2036.104.4.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2036.104.4.el8uek', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2022-06-16T14:55:22", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9086 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android kernel; Android ID: A-144161459 (CVE-2020-0431)\n\n - Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (ovl: stack file ops). 
This was fixed in kernel version 5.8 by commits 56230d9 (ovl: verify permissions in ovl_path_open()), 48bd024 (ovl: switch to mounter creds in readdir) and 05acefb (ovl: check permission to open real file). Additionally, commits 130fdbc (ovl: pass correct flags for opening real directory) and 292f902 (ovl: call secutiry hook in ovl_real_ioctl()) in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the user namespace. This regression was mitigated by subsequent commit b6650da (ovl: do not fail because of O_NOATIMEi) in kernel 5.11. (CVE-2020-16120)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. 
Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2021-9086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0431", "CVE-2020-16120", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2021-09-08T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2021-9086.NASL", "href": "https://www.tenable.com/plugins/nessus/147203", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9086.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147203);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/09/08\");\n\n script_cve_id(\n \"CVE-2020-0431\",\n \"CVE-2020-16120\",\n \"CVE-2021-3347\",\n \"CVE-2021-3348\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container 
(ELSA-2021-9086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2021-9086 advisory.\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This\n could lead to local escalation of privilege with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-144161459\n (CVE-2020-0431)\n\n - Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be\n exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. 
It was\n possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by\n the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef (ovl:\n stack file ops). This was fixed in kernel version 5.8 by commits 56230d9 (ovl: verify permissions in\n ovl_path_open()), 48bd024 (ovl: switch to mounter creds in readdir) and 05acefb (ovl: check permission\n to open real file). Additionally, commits 130fdbc (ovl: pass correct flags for opening real directory)\n and 292f902 (ovl: call secutiry hook in ovl_real_ioctl()) in kernel 5.8 might also be desired or\n necessary. These additional commits introduced a regression in overlay mounts within user namespaces which\n prevented access to files with ownership outside of the user namespace. This regression was mitigated by\n subsequent commit b6650da (ovl: do not fail because of O_NOATIMEi) in kernel 5.11. (CVE-2020-16120)\n\n - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free\n during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.\n (CVE-2021-3347)\n\n - nbd_add_socket in drivers/block/nbd.c in the Linux kernel through 5.10.12 has an ndb_queue_rq use-after-\n free that could be triggered by local attackers (with access to the nbd device) via an I/O request at a\n certain point during device setup, aka CID-b98e762e3d71. (CVE-2021-3348)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. 
In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9086.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3347\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! 
preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2036.104.4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.104.4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2036.104.4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2036.104.4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-15T16:59:52", "description": "The version of kernel installed on the remote host is prior to 5.4.105-48.177. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-001 advisory.\n\n - A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system. (CVE-2020-25639)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be encountered. 
In one case, an error encountered earlier might be discarded by later processing, resulting in the caller assuming successful mapping, and hence subsequent operations trying to access space that wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially being at least under the influence of guests (such as out of memory conditions), it isn't correct to assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel through 5.11.3. 
A kernel pointer leak can be used to determine the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have appropriate length constraints or checks, and can exceed the PAGE_SIZE value. An unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-25639", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038"], "modified": "2022-05-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-001.NASL", "href": "https://www.tenable.com/plugins/nessus/160419", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-001.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160419);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/27\");\n\n script_cve_id(\n \"CVE-2020-25639\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\"\n );\n\n 
script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.105-48.177. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-001 advisory.\n\n - A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in\n versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw\n allows a local user to crash the system. (CVE-2020-25639)\n\n - An issue was discovered in the Linux kernel 3.11 through 5.10.16, as used by Xen. To service requests to\n the PV backend, the driver maps grant references provided by the frontend. In this process, errors may be\n encountered. In one case, an error encountered earlier might be discarded by later processing, resulting\n in the caller assuming successful mapping, and hence subsequent operations trying to access space that\n wasn't mapped. In another case, internal state would be insufficiently updated, preventing safe recovery\n from the error. This affects drivers/block/xen-blkback/blkback.c. (CVE-2021-26930)\n\n - An issue was discovered in the Linux kernel 2.6.39 through 5.10.16, as used in Xen. Block, net, and SCSI\n backends consider certain errors a plain bug, deliberately causing a kernel crash. For errors potentially\n being at least under the influence of guests (such as out of memory conditions), it isn't correct to\n assume a plain bug. Memory allocations potentially causing such crashes occur only when Linux is running\n in PV mode, though. This affects drivers/block/xen-blkback/blkback.c and drivers/xen/xen-scsiback.c.\n (CVE-2021-26931)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - An issue was discovered in the Linux kernel through 5.11.3. A kernel pointer leak can be used to determine\n the address of the iscsi_transport structure. When an iSCSI transport is registered with the iSCSI\n subsystem, the transport's handle is available to unprivileged users via the sysfs file system, at\n /sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When read, the show_transport_handle function (in\n drivers/scsi/scsi_transport_iscsi.c) is called, which leaks the handle. This handle is actually the\n pointer to an iscsi_transport struct in the kernel module's global variables. (CVE-2021-27363)\n\n - An issue was discovered in the Linux kernel through 5.11.3. drivers/scsi/scsi_transport_iscsi.c is\n adversely affected by the ability of an unprivileged user to craft Netlink messages. (CVE-2021-27364)\n\n - An issue was discovered in the Linux kernel through 5.11.3. Certain iSCSI data structures do not have\n appropriate length constraints or checks, and can exceed the PAGE_SIZE value. 
An unprivileged user can\n send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a\n Netlink message. (CVE-2021-27365)\n\n - An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the\n netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of\n changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior\n of a networking frontend driver. NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.\n (CVE-2021-28038)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-25639.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26930.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26931.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-26932.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27363.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27364.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-27365.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-28038.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-27365\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2020-25639\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-001\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n 
{'reference':'bpftool-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.105-48.177.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.105-48.177.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.105-48.177.amzn2', 'cpu':'x86_64', 'release':'AL2', 
'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-05-13T15:06:44", "description": "The openSUSE Linux Leap 15.2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-26930: Fixed an improper error 
handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\n - CVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\n - CVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\n - CVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).\n\n - CVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).\n\n - CVE-2020-12364: Fixed a NULL pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736).\n\n - CVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).\n\n - CVE-2020-29368, CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe following non-security bugs were fixed :\n\n - ACPICA: Fix exception code class checks (git-fixes).\n\n - ACPI: configfs: add missing check after configfs_register_default_group() (git-fixes).\n\n - ACPI: property: Fix fwnode string properties matching (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 1) (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 2) (git-fixes).\n\n - ALSA: hda: Add another CometLake-H PCI ID (git-fixes).\n\n - ALSA: hda/hdmi: Drop bogus check at closing a stream (git-fixes).\n\n - ALSA: hda/realtek: modify EAPD in the ALC886 (git-fixes).\n\n - ALSA: pcm: Assure sync with the pending stop operation at suspend 
(git-fixes).\n\n - ALSA: pcm: Call sync_stop at disconnection (git-fixes).\n\n - ALSA: pcm: Do not call sync_stop if it hasn't been stopped (git-fixes).\n\n - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10 (git-fixes).\n\n - ALSA: usb-audio: Correct document for snd_usb_endpoint_free_all() (git-fixes).\n\n - ALSA: usb-audio: Do not avoid stopping the stream at disconnection (git-fixes).\n\n - ALSA: usb-audio: Fix PCM buffer allocation in non-vmalloc mode (git-fixes).\n\n - ALSA: usb-audio: Handle invalid running state at releasing EP (git-fixes).\n\n - ALSA: usb-audio: More strict state change in EP (git-fixes).\n\n - amba: Fix resource leak for drivers without .remove (git-fixes).\n\n - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to true (bsc#1182560)\n\n - armv7hl: lpae: Update config files. Disable KVM support (bsc#1182697)\n\n - ASoC: cpcap: fix microphone timeslot mask (git-fixes).\n\n - ASoC: cs42l56: fix up error handling in probe (git-fixes).\n\n - ASoC: simple-card-utils: Fix device module clock (git-fixes).\n\n - ASoC: SOF: debug: Fix a potential issue on string buffer termination (git-fixes).\n\n - ata: ahci_brcm: Add back regulators management (git-fixes).\n\n - ata: sata_nv: Fix retrieving of active qcs (git-fixes).\n\n - ath10k: Fix error handling in case of CE pipe init failure (git-fixes).\n\n - ath9k: fix data bus crash when setting nf_override via debugfs (git-fixes).\n\n - bcache: fix overflow in offset_to_stripe() (git-fixes).\n\n - blk-mq: call commit_rqs while list empty but error happen (bsc#1182442).\n\n - blk-mq: insert request not through ->queue_rq into sw/scheduler queue (bsc#1182443).\n\n - blk-mq: move cancel of hctx->run_work to the front of blk_exit_queue (bsc#1182444).\n\n - block: fix inflight statistics of part0 (bsc#1182445).\n\n - block: respect queue limit of max discard segment (bsc#1182441).\n\n - block: virtio_blk: fix handling single range discard request (bsc#1182439).\n\n - Bluetooth: btqcomsmd: Fix a 
resource leak in error handling paths in the probe function (git-fixes).\n\n - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv (git-fixes).\n\n - Bluetooth: drop HCI device reference before return (git-fixes).\n\n - Bluetooth: Fix initializing response id after clearing struct (git-fixes).\n\n - Bluetooth: hci_uart: Fix a race for write_work scheduling (git-fixes).\n\n - Bluetooth: Put HCI device if inquiry procedure interrupts (git-fixes).\n\n - bnxt_en: Fix accumulation of bp->net_stats_prev (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_board() (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_one() (git-fixes).\n\n - bnxt_en: Improve stats context resource accounting with RDMA driver loaded (git-fixes).\n\n - bnxt_en: read EEPROM A2h address using page 0 (git-fixes).\n\n - bnxt_en: Release PCI regions when DMA mask setup fails during probe (git-fixes).\n\n - bonding: Fix reference count leak in bond_sysfs_slave_add (git-fixes).\n\n - bonding: set dev->needed_headroom in bond_setup_by_slave() (git-fixes).\n\n - bonding: wait for sysfs kobject destruction before freeing struct slave (git-fixes).\n\n - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou (bsc#1155518).\n\n - bpf, cgroup: Fix problematic bounds check (bsc#1155518).\n\n - btrfs: add assertion for empty list of transactions at late stage of umount (bsc#1182626).\n\n - btrfs: Cleanup try_flush_qgroup (bsc#1182047).\n\n - btrfs: Do not flush from btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Fix race between extent freeing/allocation when using bitmaps (bsc#1181574).\n\n - btrfs: fix race between RO remount and the cleaner task (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after cleaning up orphans on RO mount (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after RO remount caused by qgroup rescan (bsc#1182626).\n\n - btrfs: Free correct amount of space in btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: lift 
read-write mount setup from mount and remount (bsc#1182626).\n\n - btrfs: Remove btrfs_inode from btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: run delayed iputs when remounting RO to avoid leaking them (bsc#1182626).\n\n - btrfs: Simplify code flow in btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Unlock extents in btrfs_zero_range in case of errors (bsc#1182047).\n\n - caif: no need to check return value of debugfs_create functions (git-fixes).\n\n - ceph: fix flush_snap logic after putting caps (bsc#1182854).\n\n - cgroup: Fix memory leak when parsing multiple source parameters (bsc#1182683).\n\n - cgroup: fix psi monitor for root cgroup (bsc#1182686).\n\n - cgroup-v1: add disabled controller check in cgroup1_parse_param() (bsc#1182684).\n\n - chelsio/chtls: correct function return and return type (git-fixes).\n\n - chelsio/chtls: correct netdevice for vlan interface (git-fixes).\n\n - chelsio/chtls: fix a double free in chtls_setkey() (git-fixes).\n\n - chelsio/chtls: fix always leaking ctrl_skb (git-fixes).\n\n - chelsio/chtls: fix deadlock issue (git-fixes).\n\n - chelsio/chtls: fix memory leaks caused by a race (git-fixes).\n\n - chelsio/chtls: fix memory leaks in CPL handlers (git-fixes).\n\n - chelsio/chtls: fix panic during unload reload chtls (git-fixes).\n\n - chelsio/chtls: fix socket lock (git-fixes).\n\n - chelsio/chtls: fix tls record info to user (git-fixes).\n\n - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).\n\n - chtls: Added a check to avoid NULL pointer dereference (git-fixes).\n\n - chtls: Fix chtls resources release sequence (git-fixes).\n\n - chtls: Fix hardware tid leak (git-fixes).\n\n - chtls: Fix panic when route to peer not configured (git-fixes).\n\n - chtls: Remove invalid set_tcb call (git-fixes).\n\n - chtls: Replace skb_dequeue with skb_peek (git-fixes).\n\n - cifs: check all path components in resolved dfs target (bsc#1181710).\n\n - cifs: fix nodfs mount option (bsc#1181710).\n\n - 
cifs: introduce helper for finding referral server (bsc#1181710).\n\n - cifs: report error instead of invalid when revalidating a dentry fails (bsc#1177440).\n\n - cirrus: cs89x0: remove set but not used variable 'lp' (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to simplify code (git-fixes).\n\n - clk: meson: clk-pll: fix initializing the old rate (fallback) for a PLL (git-fixes).\n\n - clk: meson: clk-pll: make 'ret' a signed integer (git-fixes).\n\n - clk: meson: clk-pll: propagate the error from meson_clk_pll_set_rate() (git-fixes).\n\n - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs (git-fixes).\n\n - clk: sunxi-ng: h6: Fix CEC clock (git-fixes).\n\n - clk: sunxi-ng: h6: Fix clock divider range on some clocks (git-fixes).\n\n - clk: sunxi-ng: mp: fix parent rate change flag check (git-fixes).\n\n - clocksource/drivers/ixp4xx: Select TIMER_OF when needed (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in\n ->remove() (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Free resources in error path (git-fixes).\n\n - cpuset: fix race between hotplug work and later CPU offline (bsc#1182676).\n\n - crypto: ecdh_helper - Ensure 'len >= secret.len' in decode_key() (git-fixes).\n\n - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode data size error) (git-fixes).\n\n - cxgb3: fix error return code in t3_sge_alloc_qset() (git-fixes).\n\n - cxgb4: fix all-mask IP address comparison (git-fixes).\n\n - cxgb4: fix checks for max queues to allocate (git-fixes).\n\n - cxgb4: fix endian conversions for L4 ports in filters (git-fixes).\n\n - cxgb4: fix set but unused variable when DCB is disabled (git-fixes).\n\n - cxgb4: fix SGE queue dump destination buffer context (git-fixes).\n\n - cxgb4: fix the panic caused by non smac rewrite (git-fixes).\n\n - cxgb4: move DCB version extern to header file (git-fixes).\n\n - cxgb4: move handling L2T ARP failures to caller (git-fixes).\n\n - cxgb4: move PTP lock and unlock to 
caller in Tx path (git-fixes).\n\n - cxgb4: parse TC-U32 key values and masks natively (git-fixes).\n\n - cxgb4: remove cast when saving IPv4 partial checksum (git-fixes).\n\n - cxgb4: set up filter action after rewrites (git-fixes).\n\n - cxgb4: use correct type for all-mask IP address comparison (git-fixes).\n\n - cxgb4: use unaligned conversion for fetching timestamp (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in an error handling path of the probe function (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in the remove function (git-fixes).\n\n - dmaengine: hsu: disable spurious interrupt (git-fixes).\n\n - dmaengine: owl-dma: Fix a resource leak in the remove function (git-fixes).\n\n - dm crypt: avoid truncating the logical block size (git-fixes).\n\n - dm: fix bio splitting and its bio completion order for regular IO (git-fixes).\n\n - dm thin: fix use-after-free in metadata_pre_commit_callback (bsc#1177529).\n\n - dm thin metadata: Avoid returning cmd->bm wild pointer on error (bsc#1177529).\n\n - dm thin metadata: fix lockdep complaint (bsc#1177529).\n\n - dm thin metadata: Fix use-after-free in dm_bm_set_read_only (bsc#1177529).\n\n - dm: use noio when sending kobject event (bsc#1177529).\n\n - docs: filesystems: vfs: correct flag name (bsc#1182856).\n\n - dpaa2-eth: fix return codes used in ndo_setup_tc (git-fixes).\n\n - Drivers: hv: vmbus: Avoid use-after-free in vmbus_onoffer_rescind() (git-fixes).\n\n - drivers: net: davinci_mdio: fix potential NULL dereference in davinci_mdio_probe() (git-fixes).\n\n - drivers: soc: atmel: add null entry at the end of at91_soc_allowed_list[] (git-fixes).\n\n - drivers: soc: atmel: Avoid calling at91_soc_init on non AT91 SoCs (git-fixes).\n\n - drm/amd/display: Change function decide_dp_link_settings to avoid infinite looping (git-fixes).\n\n - drm/amd/display: Decrement refcount of dc_sink before reassignment (git-fixes).\n\n - drm/amd/display: Fix 10/12 bpc setup in DCE output bit depth 
reduction (git-fixes).\n\n - drm/amd/display: Fix dc_sink kref count in emulated_link_detect (git-fixes).\n\n - drm/amd/display: Fix HDMI deep color output for DCE 6-11 (git-fixes).\n\n - drm/amd/display: Free atomic state after drm_atomic_commit (git-fixes).\n\n - drm/amd/display: Revert 'Fix EDID parsing after resume from suspend' (git-fixes).\n\n - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in preprocessor if condition (git-fixes).\n\n - drm/fb-helper: Add missed unlocks in setcmap_legacy() (git-fixes).\n\n - drm/gma500: Fix error return code in psb_driver_load() (git-fixes).\n\n - drm/meson: Unbind all connectors on module removal (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: Fix max. frequency for H6 (bsc#1152472)\n\n - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)\n\n - drm/sun4i: tcon: set sync polarity for tcon1 channel (bsc#1152472)\n\n - drm/vc4: hvs: Fix buffer overflow with the dlist handling (bsc#1152489)\n\n - exec: Always set cap_ambient in cap_bprm_set_creds (git-fixes).\n\n - exfat: Avoid allocating upcase table using kcalloc() (git-fixes).\n\n - ext4: do not remount read-only with errors=continue on reboot (bsc#1182464).\n\n - ext4: fix a memory leak of ext4_free_data (bsc#1182447).\n\n - ext4: fix bug for rename with RENAME_WHITEOUT (bsc#1182449).\n\n - ext4: fix deadlock with fs freezing and EA inodes (bsc#1182463).\n\n - ext4: fix superblock checksum failure when setting password salt (bsc#1182465).\n\n - ext4: prevent creating duplicate encrypted filenames (bsc#1182446).\n\n - fgraph: Initialize tracing_graph_pause at task creation (git-fixes).\n\n - firmware_loader: align .builtin_fw to 8 (git-fixes).\n\n - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).\n\n - fscrypt: rename DCACHE_ENCRYPTED_NAME to DCACHE_NOKEY_NAME (bsc#1182446).\n\n - fs: fix lazytime expiration handling in\n __writeback_single_inode() (bsc#1182466).\n\n - gma500: clean up error handling in init 
(git-fixes).\n\n - gpio: pcf857x: Fix missing first interrupt (git-fixes).\n\n - HID: core: detect and skip invalid inputs to snto32() (git-fixes).\n\n - HID: make arrays usage and value to be the same (git-fixes).\n\n - HID: wacom: Ignore attempts to overwrite the touch_max value from HID (git-fixes).\n\n - hwrng: timeriomem - Fix cooldown period calculation (git-fixes).\n\n - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition (git-fixes).\n\n - i2c: iproc: handle only slave interrupts which are enabled (git-fixes).\n\n - i2c: mediatek: Move suspend and resume handling to NOIRQ phase (git-fixes).\n\n - i2c: stm32f7: fix configuration of the digital filter (git-fixes).\n\n - i3c: master: dw: Drop redundant disec call (git-fixes).\n\n - i40e: acquire VSI pointer only after VF is initialized (jsc#SLE-8025).\n\n - i40e: avoid premature Rx buffer reuse (git-fixes).\n\n - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs (git-fixes).\n\n - i40e: Fix MAC address setting for a VF via Host/VM (git-fixes).\n\n - i40e: Fix removing driver while bare-metal VFs pass traffic (git-fixes).\n\n - i40e: Revert 'i40e: do not report link up for a VF who hasn't enabled queues' (jsc#SLE-8025).\n\n - iavf: fix double-release of rtnl_lock (git-fixes).\n\n - iavf: fix error return code in iavf_init_get_resources() (git-fixes).\n\n - iavf: fix speed reporting over virtchnl (git-fixes).\n\n - iavf: Fix updating statistics (git-fixes).\n\n - ibmvnic: add memory barrier to protect long term buffer (bsc#1182485 ltc#191591).\n\n - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485 ltc#191591).\n\n - ibmvnic: Clean up TX code and TX buffer data structure (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Clear failover_pending if unable to schedule (bsc#1181960 ltc#190997).\n\n - ibmvnic: compare adapter->init_done_rc with more readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Correctly re-enable interrupts in NAPI polling routine (jsc#SLE-17043 
bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_control_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_query_ip_offload (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: device remove has higher precedence over reset (bsc#1065729).\n\n - ibmvnic: Do not replenish RX buffers after every polling loop (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that CRQ entry read are correctly ordered (bsc#1182485 ltc#191591).\n\n - ibmvnic: Ensure that device queue memory is cache-line aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that SCRQ entry reads are correctly ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix a race between open and reset (bsc#1176855 ltc#187293).\n\n - ibmvnic: fix login buffer memory leak (bsc#1081134 ltc#164631).\n\n - ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix rx buffer tracking and index management in replenish_rx_pool partial success (bsc#1179929 ltc#189960).\n\n - ibmvnic: Fix TX completion error handling (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Fix use-after-free of VNIC login response buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: handle inconsistent login with reset (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Harden device Command Response Queue handshake (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce batched RX buffer descriptor transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce indirect subordinate Command Response Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce xmit_more support using batched subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: no reset 
timeout for 5 seconds after reset (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: reduce wait for completion time (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: remove never executed if statement (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Remove send_subcrq function (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename ibmvnic_send_req_caps to send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_cap_queries to send_query_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_map_query to send_query_map (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: send_login should check for crq errors (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: serialize access to work queue on remove (bsc#1065729).\n\n - ibmvnic: Set to CLOSED state even on error (bsc#1084610 ltc#165122 git-fixes).\n\n - ibmvnic: skip send_request_unmap for timeout reset (bsc#1182485 ltc#191591).\n\n - ibmvnic: skip tx timeout reset while in resetting (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: stop free_all_rwi on failed reset (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: store RX and TX subCRQ handle array in ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to replenish RX buffers (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ice: Do not allow more channels than LAN MSI-X available (jsc#SLE-7926).\n\n - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).\n\n - igc: check return value of ret_val in igc_config_fc_after_link_up (git-fixes).\n\n - igc: fix link speed advertising (git-fixes).\n\n - igc: Fix returning wrong statistics (git-fixes).\n\n - igc: Report speed and duplex as unknown when device is runtime suspended (git-fixes).\n\n - igc: set the default return value to 
-IGC_ERR_NVM in igc_write_nvm_srwr (git-fixes).\n\n - include/linux/memremap.h: remove stale comments (git-fixes).\n\n - Input: elo - fix an error code in elo_connect() (git-fixes).\n\n - Input: i8042 - unbreak Pegatron C15B (git-fixes).\n\n - Input: joydev - prevent potential read overflow in ioctl (git-fixes).\n\n - Input: sur40 - fix an error code in sur40_probe() (git-fixes).\n\n - Input: xpad - sync supported devices with fork on GitHub (git-fixes).\n\n - iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no queues (git-fixes).\n\n - iwlwifi: mvm: guard against device removal in reprobe (git-fixes).\n\n - iwlwifi: mvm: invalidate IDs of internal stations at mvm start (git-fixes).\n\n - iwlwifi: mvm: skip power command when unbinding vif during CSA (git-fixes).\n\n - iwlwifi: mvm: take mutex for calling iwl_mvm_get_sync_time() (git-fixes).\n\n - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap (git-fixes).\n\n - iwlwifi: pcie: fix context info memory leak (git-fixes).\n\n - iwlwifi: pcie: reschedule in long-running memory reads (git-fixes).\n\n - iwlwifi: pcie: use jiffies for memory read spin time limit (git-fixes).\n\n - ixgbe: avoid premature Rx buffer reuse (git-fixes).\n\n - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K (git-fixes).\n\n - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).\n\n - kABI: Fix kABI after modifying struct __call_single_data (bsc#1180846).\n\n - kABI: Fix kABI for extended APIC-ID support (bsc#1181259, jsc#ECO-3191).\n\n - kABI: repair, after 'nVMX: Emulate MTF when performing instruction emulation' kvm_x86_ops is part of kABI as it's used by LTTng. But it's only read and never allocated in there, so growing it (without altering existing members' offsets) is fine.\n\n - kernel-binary.spec: Add back initrd and image symlink ghosts to filelist (bsc#1182140). 
Fixes: 76a9256314c3 ('rpm/kernel-(source,binary).spec: do not include ghost symlinks (boo#1179082).')\n\n - kernel/smp: add boot parameter for controlling CSD lock debugging (bsc#1180846).\n\n - kernel/smp: add more data to CSD lock debugging (bsc#1180846).\n\n - kernel/smp: prepare more CSD lock debugging (bsc#1180846).\n\n - kernel/smp: Provide CSD lock timeout diagnostics (bsc#1180846).\n\n - KVM: arm64: Assume write fault on S1PTW permission fault on instruction fetch (bsc#1181818).\n\n - KVM: arm64: Remove S1PTW check from kvm_vcpu_dabt_iswrite() (bsc#1181818).\n\n - KVM: nVMX: do not clear mtf_pending when nested events are blocked (bsc#1182489).\n\n - KVM: nVMX: Emulate MTF when performing instruction emulation (bsc#1182380).\n\n - KVM: nVMX: Handle pending #DB when injecting INIT VM-exit. Pulling in as a dependency of: 'KVM: nVMX:\n Emulate MTF when performing instruction emulation' (bsc#1182380).\n\n - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests (bsc#1178995).\n\n - KVM: tracing: Fix unmatched kvm_entry and kvm_exit events (bsc#1182770).\n\n - KVM: VMX: Condition ENCLS-exiting enabling on CPU support for SGX1 (bsc#1182798).\n\n - KVM: x86: Allocate new rmap and large page tracking when moving memslot (bsc#1182800).\n\n - KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in kvm_state flags (bsc#1182490).\n\n - KVM: x86: clear stale x86_emulate_ctxt->intercept value (bsc#1182381).\n\n - KVM: x86: do not notify userspace IOAPIC on edge-triggered interrupt EOI (bsc#1182374).\n\n - KVM: x86: Gracefully handle __vmalloc() failure during VM allocation (bsc#1182801).\n\n - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch (bsc#1178995).\n\n - KVM: x86: remove stale comment from struct x86_emulate_ctxt (bsc#1182406).\n\n - libnvdimm/dimm: Avoid race between probe and available_slots_show() (bsc#1170442).\n\n - lib/vsprintf: no_hash_pointers prints all addresses as unhashed (bsc#1182599).\n\n - linux/clk.h: use correct kernel-doc notation for 2 functions 
(git-fixes).\n\n - mac80211: 160MHz with extended NSS BW in CSA (git-fixes).\n\n - mac80211: fix fast-rx encryption check (git-fixes).\n\n - mac80211: fix potential overflow when multiplying to u32 integers (git-fixes).\n\n - mac80211: pause TX while changing interface type (git-fixes).\n\n - macros.kernel-source: Use spec_install_pre for certificate installation (boo#1182672). Since rpm 4.16 files installed during build phase are lost.\n\n - MAINTAINERS: remove John Allen from ibmvnic (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - matroxfb: avoid -Warray-bounds warning (bsc#1152472)\n\n - media: aspeed: fix error return code in aspeed_video_setup_video() (git-fixes).\n\n - media: camss: missing error code in msm_video_register() (git-fixes).\n\n - media: cx25821: Fix a bug when reallocating some dma memory (git-fixes).\n\n - media: em28xx: Fix use-after-free in em28xx_alloc_urbs (git-fixes).\n\n - media: i2c: ov5670: Fix PIXEL_RATE minimum value (git-fixes).\n\n - media: ipu3-cio2: Fix mbus_code processing in cio2_subdev_set_fmt() (git-fixes).\n\n - media: lmedm04: Fix misuse of comma (git-fixes).\n\n - media: media/pci: Fix memleak in empress_init (git-fixes).\n\n - media: mt9v111: Remove unneeded device-managed puts (git-fixes).\n\n - media: pwc: Use correct device for DMA (bsc#1181133).\n\n - media: pxa_camera: declare variable when DEBUG is defined (git-fixes).\n\n - media: qm1d1c0042: fix error return code in qm1d1c0042_init() (git-fixes).\n\n - media: software_node: Fix refcounts in software_node_get_next_child() (git-fixes).\n\n - media: tm6000: Fix memleak in tm6000_start_stream (git-fixes).\n\n - media: vsp1: Fix an error handling path in the probe function (git-fixes).\n\n - mei: hbm: call mei_set_devstate() on hbm stop response (git-fixes).\n\n - memory: ti-aemif: Drop child node when jumping out loop (git-fixes).\n\n - mfd: bd9571mwv: Use devm_mfd_add_devices() (git-fixes).\n\n - mfd: wm831x-auxadc: Prevent use after free in wm831x_auxadc_read_irq() 
(git-fixes).\n\n - misc: eeprom_93xx46: Add module alias to avoid breaking support for non device tree users (git-fixes).\n\n - misc: eeprom_93xx46: Fix module alias to enable module autoprobe (git-fixes).\n\n - mlxsw: core: Add validation of transceiver temperature thresholds (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal (git-fixes).\n\n - mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (git-fixes).\n\n - mlxsw: core: Free EMAD transactions using kfree_rcu() (git-fixes).\n\n - mlxsw: core: Increase critical threshold for ASIC thermal zone (git-fixes).\n\n - mlxsw: core: Increase scope of RCU read-side critical section (git-fixes).\n\n - mlxsw: core: Use variable timeout for EMAD retries (git-fixes).\n\n - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s error path (git-fixes).\n\n - mlxsw: spectrum: Fix use-after-free of split/unsplit/type_set in case reload fails (git-fixes).\n\n - mmc: core: Limit retries when analyse of SDIO tuples fails (git-fixes).\n\n - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer alignment from 8 to 128-bytes (git-fixes).\n\n - mmc: sdhci-sprd: Fix some resource leaks in the remove function (git-fixes).\n\n - mmc: usdhi6rol0: Fix a resource leak in the error handling path of the probe (git-fixes).\n\n - mm/pmem: avoid inserting hugepage PTE entry with fsdax if hugepage support is disabled (bsc#1181896 ltc#191273).\n\n - mm: proc: Invalidate TLB after clearing soft-dirty page state (bsc#1163776 ltc#183929 git-fixes).\n\n - mm: thp: kABI: move the added flag to the end of enum (bsc#1181896 ltc#191273).\n\n - mt76: dma: fix a possible memory leak in mt76_add_fragment() (git-fixes).\n\n - net: ag71xx: add missed clk_disable_unprepare in error path of probe (git-fixes).\n\n - net: axienet: Fix error return code in axienet_probe() (git-fixes).\n\n - net: bcmgenet: Fix WoL with password after deep sleep (git-fixes).\n\n - net: bcmgenet: keep MAC in reset until PHY is up (git-fixes).\n\n - net: bcmgenet: 
re-remove bcmgenet_hfb_add_filter (git-fixes).\n\n - net: bcmgenet: set Rx mode before starting netif (git-fixes).\n\n - net: bcmgenet: use hardware padding of runt frames (git-fixes).\n\n - net: broadcom CNIC: requires MMU (git-fixes).\n\n - net: caif: Fix debugfs on 64-bit platforms (git-fixes).\n\n - net/cxgb4: Check the return from t4_query_params properly (git-fixes).\n\n - net: cxgb4: fix return error value in t4_prep_fw (git-fixes).\n\n - net: dsa: bcm_sf2: Fix overflow checks (git-fixes).\n\n - net: dsa: lantiq_gswip: fix and improve the unsupported interface error (git-fixes).\n\n - net: dsa: mt7530: Change the LINK bit to reflect the link status (git-fixes).\n\n - net: dsa: mt7530: set CPU port to fallback mode (git-fixes).\n\n - net: ena: set initial DMA width to avoid intel iommu issue (git-fixes).\n\n - net: ethernet: ave: Fix error returns in ave_init (git-fixes).\n\n - net: ethernet: mlx4: Avoid assigning a value to ring_cons but not used it anymore in mlx4_en_xmit() (git-fixes).\n\n - net: ethernet: ti: ale: fix allmulti for nu type ale (git-fixes).\n\n - net: ethernet: ti: ale: fix seeing unreg mcast packets with promisc and allmulti disabled (git-fixes).\n\n - net: ethernet: ti: ale: modify vlan/mdb api for switchdev (git-fixes).\n\n - net: ethernet: ti: cpsw: allow untagged traffic on host port (git-fixes).\n\n - net: ethernet: ti: fix some return value check of cpsw_ale_create() (git-fixes).\n\n - net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gro: do not keep too many GRO packets in napi->rx_list (bsc#1154353).\n\n - net: hns3: add a check for queue_id in hclge_reset_vf_queue() (git-fixes).\n\n - net: hns3: add a missing uninit debugfs when unload driver (git-fixes).\n\n - net: hns3: add reset check for VF updating port based VLAN (git-fixes).\n\n - net: hns3: clear port base VLAN when unload PF (git-fixes).\n\n - net: hns3: fix aRFS FD rules leftover after add a user FD 
rule (git-fixes).\n\n - net: hns3: fix a TX timeout issue (git-fixes).\n\n - net: hns3: fix desc filling bug when skb is expanded or lineared (git-fixes).\n\n - net: hns3: fix for mishandle of asserting VF reset fail (git-fixes).\n\n - net: hns3: fix for VLAN config when reset failed (git-fixes).\n\n - net: hns3: fix RSS config lost after VF reset (git-fixes).\n\n - net: hns3: fix set and get link ksettings issue (git-fixes).\n\n - net: hns3: fix 'tc qdisc del' failed issue (git-fixes).\n\n - net: hns3: fix the number of queues actually used by ARQ (git-fixes).\n\n - net: hns3: fix use-after-free when doing self test (git-fixes).\n\n - net: hns3: fix VF VLAN table entries inconsistent issue (git-fixes).\n\n - net: hns: fix return value check in __lb_other_process() (git-fixes).\n\n - net: lpc-enet: fix error return code in lpc_mii_init() (git-fixes).\n\n - net: macb: fix call to pm_runtime in the suspend/resume functions (git-fixes).\n\n - net: macb: fix wakeup test in runtime suspend/resume routines (git-fixes).\n\n - net: macb: mark device wake capable when 'magic-packet' property present (git-fixes).\n\n - net/mlx4_core: fix a memory leak bug (git-fixes).\n\n - net/mlx4_core: Fix init_hca fields offset (git-fixes).\n\n - net/mlx4_en: Avoid scheduling restart task if it is already running (bsc#1181854).\n\n - net/mlx4_en: Handle TX error CQE (bsc#1181854).\n\n - net/mlx5: Add handling of port type in rule deletion (git-fixes).\n\n - net/mlx5: Annotate mutex destroy for root ns (git-fixes).\n\n - net/mlx5: Clear LAG notifier pointer after unregister (git-fixes).\n\n - net/mlx5: Disable QoS when min_rates on all VFs are zero (git-fixes).\n\n - net/mlx5: Do not call timecounter cyc2time directly from 1PPS flow (git-fixes).\n\n - net/mlx5: Do not maintain a case of del_sw_func being null (git-fixes).\n\n - net/mlx5e: Correctly handle changing the number of queues when the interface is down (git-fixes).\n\n - net/mlx5e: Do not trigger IRQ multiple times on XSK wakeup 
to avoid WQ overruns (git-fixes).\n\n - net/mlx5e: en_accel, Add missing net/geneve.h include (git-fixes).\n\n - net/mlx5e: Encapsulate updating netdev queues into a function (git-fixes).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow (jsc#SLE-8464).\n\n - net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq (git-fixes).\n\n - net/mlx5e: Fix configuration of XPS cpumasks and netdev queues in corner cases (git-fixes).\n\n - net/mlx5e: Fix endianness handling in pedit mask (git-fixes).\n\n - net/mlx5e: Fix error path of device attach (git-fixes).\n\n - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups (git-fixes).\n\n - net/mlx5e: Fix two double free cases (git-fixes).\n\n - net/mlx5e: Fix VLAN cleanup flow (git-fixes).\n\n - net/mlx5e: Fix VLAN create flow (git-fixes).\n\n - net/mlx5e: Get the latest values from counters in switchdev mode (git-fixes).\n\n - net/mlx5e: IPoIB, Drop multicast packets that this interface sent (git-fixes).\n\n - net/mlx5e: kTLS, Fix wrong value in record tracker enum (git-fixes).\n\n - net/mlx5e: Reduce tc unsupported key print level (git-fixes).\n\n - net/mlx5e: Rename hw_modify to preactivate (git-fixes).\n\n - net/mlx5e: Set of completion request bit should not clear other adjacent bits (git-fixes).\n\n - net/mlx5: E-switch, Destroy TSAR after reload interface (git-fixes).\n\n - net/mlx5: E-Switch, Hold mutex when querying drop counter in legacy mode (git-fixes).\n\n - net/mlx5: E-Switch, Use vport metadata matching by default (git-fixes).\n\n - net/mlx5: E-Switch, Use vport metadata matching only when mandatory (git-fixes).\n\n - net/mlx5e: Use preactivate hook to set the indirection table (git-fixes).\n\n - net/mlx5e: vxlan: Use RCU for vxlan table lookup (git-fixes).\n\n - net/mlx5: Fix a bug of using ptp channel index as pin index (git-fixes).\n\n - net/mlx5: Fix deletion of duplicate rules (git-fixes).\n\n - net/mlx5: Fix failing fw tracer allocation on s390 (git-fixes).\n\n - net/mlx5: Fix memory 
leak on flow table creation error flow (git-fixes).\n\n - net/mlx5: Fix request_irqs error flow (git-fixes).\n\n - net/mlx5: Fix wrong address reclaim when command interface is down (git-fixes).\n\n - net/mlx5: Query PPS pin operational status before registering it (git-fixes).\n\n - net/mlx5: Verify Hardware supports requested ptp function on a given pin (git-fixes).\n\n - net: moxa: Fix a potential double 'free_irq()' (git-fixes).\n\n - net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value in seconds, not ms (git-fixes).\n\n - net: mscc: ocelot: fix address ageing time (again) (git-fixes).\n\n - net: mscc: ocelot: properly account for VLAN header length when setting MRU (git-fixes).\n\n - net: mvpp2: Add TCAM entry to drop flow control pause frames (git-fixes).\n\n - net: mvpp2: disable force link UP during port init procedure (git-fixes).\n\n - net: mvpp2: Fix error return code in mvpp2_open() (git-fixes).\n\n - net: mvpp2: Fix GoP port 3 Networking Complex Control configurations (git-fixes).\n\n - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).\n\n - net: mvpp2: fix pkt coalescing int-threshold configuration (git-fixes).\n\n - net: mvpp2: prs: fix PPPoE with ipv6 packet parse (git-fixes).\n\n - net: mvpp2: Remove Pause and Asym_Pause support (git-fixes).\n\n - net: mvpp2: TCAM entry enable should be written after SRAM data (git-fixes).\n\n - net: netsec: Correct dma sync for XDP_TX frames (git-fixes).\n\n - net: nixge: fix potential memory leak in nixge_probe() (git-fixes).\n\n - net: octeon: mgmt: Repair filling of RX ring (git-fixes).\n\n - net: phy: at803x: use operating parameters from PHY-specific status (git-fixes).\n\n - net: phy: extract link partner advertisement reading (git-fixes).\n\n - net: phy: extract pause mode (git-fixes).\n\n - net: phy: marvell10g: fix NULL pointer dereference (git-fixes).\n\n - net: phy: marvell10g: fix temperature sensor on 2110 (git-fixes).\n\n - net: phy: read MII_CTRL1000 in genphy_read_status only if needed 
(git-fixes).\n\n - net: qca_spi: fix receive buffer size check (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi (git-fixes).\n\n - net: qede: fix PTP initialization on recovery (git-fixes).\n\n - net: qede: fix use-after-free on recovery and AER handling (git-fixes).\n\n - net: qede: stop adding events on an already destroyed workqueue (git-fixes).\n\n - net: qed: fix async event callbacks unregistering (git-fixes).\n\n - net: qed: fix excessive QM ILT lines consumption (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (git-fixes).\n\n - net: qed: fix NVMe login fails over VFs (git-fixes).\n\n - net: qed: RDMA personality shouldn't fail VF load (git-fixes).\n\n - net: re-solve some conflicts after net -> net-next merge (bsc#1176855 ltc#187293).\n\n - net: rmnet: do not allow to add multiple bridge interfaces (git-fixes).\n\n - net: rmnet: do not allow to change mux id if mux id is duplicated (git-fixes).\n\n - net: rmnet: fix bridge mode bugs (git-fixes).\n\n - net: rmnet: fix lower interface leak (git-fixes).\n\n - net: rmnet: fix NULL pointer dereference in rmnet_changelink() (git-fixes).\n\n - net: rmnet: fix NULL pointer dereference in rmnet_newlink() (git-fixes).\n\n - net: rmnet: fix packet forwarding in rmnet bridge mode (git-fixes).\n\n - net: rmnet: fix suspicious RCU usage (git-fixes).\n\n - net: rmnet: print error message when command fails (git-fixes).\n\n - net: rmnet: remove rcu_read_lock in rmnet_force_unassociate_device() (git-fixes).\n\n - net: rmnet: use upper/lower device infrastructure (git-fixes).\n\n - net, sctp, filter: remap copy_from_user failure error (bsc#1181637).\n\n - net: smc91x: Fix possible memory leak in smc_drv_probe() (git-fixes).\n\n - net/sonic: Add mutual exclusion for accessing shared state (git-fixes).\n\n - net: stmmac: 16KB buffer must be 16 byte aligned (git-fixes).\n\n - net: stmmac: Always arm TX Timer at end of transmission start (git-fixes).\n\n - net: stmmac: Do not accept invalid MTU 
values (git-fixes).\n\n - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes (git-fixes).\n\n - net: stmmac: Enable 16KB buffer size (git-fixes).\n\n - net: stmmac: fix disabling flexible PPS output (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string (git-fixes).\n\n - net: stmmac: Fix the TX IOC in xmit path (git-fixes).\n\n - net: stmmac: RX buffer size must be 16 byte aligned (git-fixes).\n\n - net: stmmac: selftests: Flow Control test can also run with ASYM Pause (git-fixes).\n\n - net: stmmac: selftests: Needs to check the number of Multicast regs (git-fixes).\n\n - net: stmmac: xgmac: Clear previous RX buffer size (git-fixes).\n\n - net: sun: fix missing release regions in cas_init_one() (git-fixes).\n\n - net: team: fix memory leak in __team_options_register (git-fixes).\n\n - net: thunderx: initialize VF's mailbox mutex before first usage (git-fixes).\n\n - net: usb: qmi_wwan: added support for Thales Cinterion PLSx3 modem family (git-fixes).\n\n - net: usb: qmi_wwan: Adding support for Cinterion MV31 (git-fixes).\n\n - nvme-hwmon: rework to avoid devm allocation (bsc#1177326).\n\n - nvme-multipath: Early exit if no path is available (bsc#1180964).\n\n - nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).\n\n - nvmet-tcp: Fix NULL dereference when a connect data comes in h2cdata pdu (bsc#1182547).\n\n - objtool: Do not fail on missing symbol table (bsc#1169514).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (bsc#1180989).\n\n - perf/x86/intel/uncore: Generic support for the PCI sub driver (bsc#1180989).\n\n - perf/x86/intel/uncore: Store the logical die id instead of the physical die id (bsc#1180989).\n\n - perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from 
NUMA info (bsc#1180989).\n\n - phy: cpcap-usb: Fix warning for missing regulator_disable (git-fixes).\n\n - phy: rockchip-emmc: emmc_phy_init() always return 0 (git-fixes).\n\n - platform/x86: hp-wmi: Disable tablet-mode reporting by default (git-fixes).\n\n - platform/x86: intel-vbtn: Support for tablet mode on Dell Inspiron 7352 (git-fixes).\n\n - platform/x86: touchscreen_dmi: Add swap-x-y quirk for Goodix touchscreen on Estar Beauty HD tablet (git-fixes).\n\n - powerpc/book3s64/hash: Add cond_resched to avoid soft lockup warning (bsc#1182571 ltc#191345).\n\n - powerpc/boot: Delete unneeded .globl _zimage_start (bsc#1156395).\n\n - powerpc: Fix alignment bug within the init sections (bsc#1065729).\n\n - powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).\n\n - powerpc/hvcall: add token and codes for H_VASI_SIGNAL (bsc#1181674 ltc#189159).\n\n - powerpc: kABI: add back suspend_disable_cpu in machdep_calls (bsc#1181674 ltc#189159).\n\n - powerpc/machdep: remove suspend_disable_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/mm/pkeys: Make pkey access check work on execute_only_key (bsc#1181544 ltc#191080 git-fixes).\n\n - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477 ltc#175530).\n\n - powerpc/numa: make vphn_enabled, prrn_enabled flags const (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove ability to enable topology updates (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove arch_update_cpu_topology (bsc#1181674 ltc#189159).\n\n - powerpc/numa: Remove late request for home node associativity (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove prrn_is_enabled() (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove start/stop_topology_update() (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove timed_topology_update() (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology timer code (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology update code (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove 
unreachable topology workqueue code (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove vphn_enabled and prrn_enabled internal flags (bsc#1181674 ltc#189159).\n\n - powerpc/numa: stub out numa_update_cpu_topology() (bsc#1181674 ltc#189159).\n\n - powerpc/perf: Exclude kernel samples while counting events in user space (bsc#1065729).\n\n - powerpc/perf/hv-24x7: Dont create sysfs event files for dummy events (bsc#1182118 ltc#190624).\n\n - powerpc/pkeys: Avoid using lockless page table walk (bsc#1181544 ltc#191080).\n\n - powerpc/pkeys: Check vma before returning key fault error to the user (bsc#1181544 ltc#191080).\n\n - powerpc/powernv/memtrace: Do not leak kernel memory to user space (bsc#1156395).\n\n - powerpc/powernv/memtrace: Fix crashing the kernel when enabling concurrently (bsc#1156395).\n\n - powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (bsc#1156395).\n\n - powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan (bsc#1182602 ltc#190924).\n\n - powerpc/pseries/dlpar: handle ibm, configure-connector delay status (bsc#1181985 ltc#188074).\n\n - powerpc/pseries: Do not enforce MSI affinity with kdump (bsc#1181655 ltc#190855).\n\n - powerpc/pseries/eeh: Make pseries_pcibios_bus_add_device() static (bsc#1078720, git-fixes).\n\n - powerpc/pseries: extract host bridge from pci_bus prior to bus removal (bsc#1182171 ltc#190900).\n\n - powerpc/pseries/hibernation: drop pseries_suspend_begin() from suspend ops (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: pass stream id via function arguments (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: perform post-suspend fixups later (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: remove prepare_late() callback (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: remove pseries_suspend_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: switch to rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: add missing break to 
default case (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: Add pr_debug() for device tree changes (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: do not error on absence of ibm, update-nodes (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: error message improvements (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: extract VASI session polling logic (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: refactor node lookup during DT update (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: retry partition suspend after error (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: signal suspend cancellation to platform (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: use rtas_activate_firmware() on resume (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: use stop_machine for join/suspend (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static (bsc#1065729. 
git-fixes).\n\n - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove memory 're-add' implementation (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove obsolete memory hotplug DT notifier code (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove prrn special case from DT update path (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: complete ibm,suspend-me status codes (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: dispatch partition migration requests to pseries (bsc#1181674 ltc#189159).\n\n - powerpc/rtasd: simplify handle_rtas_event(), emit message on events (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: prevent suspend-related sys_rtas use on LE (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove unused rtas_suspend_last_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove unused rtas_suspend_me_data (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: rtas_ibm_suspend_me -> rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).\n\n - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask (git-fixes).\n\n - pseries/drmem: do not cache node id in drmem_lmb struct (bsc#1132477 ltc#175530).\n\n - pseries/hotplug-memory: hot-add: skip redundant LMB lookup (bsc#1132477 ltc#175530).\n\n - qed: fix error return code in qed_iwarp_ll2_start() (git-fixes).\n\n - qed: Fix race condition between scheduling and destroying the slowpath workqueue (git-fixes).\n\n - qed: Populate nvm-file attributes while reading nvm config partition (git-fixes).\n\n - qed: select CONFIG_CRC32 (git-fixes).\n\n - qlcnic: fix missing release in qlcnic_83xx_interrupt_test (git-fixes).\n\n - quota: Fix memory leak when handling corrupted quota file 
(bsc#1182650).\n\n - quota: Sanity-check quota file headers on load (bsc#1182461).\n\n - r8169: fix resuming from suspend on RTL8105e if machine runs on battery (git-fixes).\n\n - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set (git-fixes).\n\n - rcu/nocb: Perform deferred wake up before last idle's (git-fixes)\n\n - rcu/nocb: Trigger self-IPI on late deferred wake up before (git-fixes)\n\n - rcu: Pull deferred rcuog wake up to rcu_eqs_enter() callers (git-fixes)\n\n - RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).\n\n - RDMA/efa: Count admin commands errors (bsc#1176248).\n\n - RDMA/efa: Count mmap failures (bsc#1176248).\n\n - RDMA/efa: Do not delay freeing of DMA pages (bsc#1176248).\n\n - RDMA/efa: Drop double zeroing for sg_init_table() (bsc#1176248).\n\n - RDMA/efa: Expose maximum TX doorbell batch (bsc#1176248).\n\n - RDMA/efa: Expose minimum SQ size (bsc#1176248).\n\n - RDMA/efa: Fix setting of wrong bit in get/set_feature commands (bsc#1176248).\n\n - RDMA/efa: Properly document the interrupt mask register (bsc#1176248).\n\n - RDMA/efa: Remove redundant udata check from alloc ucontext response (bsc#1176248).\n\n - RDMA/efa: Report create CQ error counter (bsc#1176248).\n\n - RDMA/efa: Report host information to the device (bsc#1176248).\n\n - RDMA/efa: Unified getters/setters for device structs bitmask access (bsc#1176248).\n\n - RDMA/efa: Use in-kernel offsetofend() to check field availability (bsc#1176248).\n\n - RDMA/efa: User/kernel compatibility handshake mechanism (bsc#1176248).\n\n - RDMA/efa: Use the correct current and new states in modify QP (git-fixes).\n\n - regulator: axp20x: Fix reference cout leak (git-fixes).\n\n - regulator: core: Avoid debugfs: Directory ... already present! 
error (git-fixes).\n\n - regulator: core: avoid regulator_resolve_supply() race condition (git-fixes).\n\n - regulator: Fix lockdep warning resolving supplies (git-fixes).\n\n - regulator: s5m8767: Drop regulators OF node reference (git-fixes).\n\n - regulator: s5m8767: Fix reference count leak (git-fixes).\n\n - reiserfs: add check for an invalid ih_entry_count (bsc#1182462).\n\n - Remove debug patch for boot failure (bsc#1182602 ltc#190924). \n\n - reset: hisilicon: correct vendor prefix (git-fixes).\n\n - Revert 'ibmvnic: remove never executed if statement' (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - Revert 'net: bcmgenet: remove unused function in bcmgenet.c' (git-fixes).\n\n - Revert 'platform/x86: ideapad-laptop: Switch touchpad attribute to be RO' (git-fixes).\n\n - Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace deletion' (jsc#SLE-8464).\n\n - rpm/kernel-subpackage-build: Workaround broken bot (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)\n\n - rpm/post.sh: Avoid purge-kernel for the first installed kernel (bsc#1180058)\n\n - rtc: s5m: select REGMAP_I2C (git-fixes).\n\n - rxrpc: Fix memory leak in rxrpc_lookup_local (bsc#1154353 bnc#1151927 5.3.9).\n\n - s390/vfio-ap: clean up vfio_ap resources when KVM pointer invalidated (git-fixes).\n\n - s390/vfio-ap: No need to disable IRQ after queue reset (git-fixes).\n\n - sched: Reenable interrupts in do_sched_yield() (git-fixes)\n\n - scsi: lpfc: Fix EEH encountering oops with NVMe traffic (bsc#1181958).\n\n - sh_eth: check sh_eth_cpu_data::cexcr when dumping registers (git-fixes).\n\n - sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping registers (git-fixes).\n\n - sh_eth: check sh_eth_cpu_data::no_xdfar when dumping registers (git-fixes).\n\n - smp: Add source and destination CPUs to\n __call_single_data (bsc#1180846).\n\n - smsc95xx: avoid memory leak in smsc95xx_bind (git-fixes).\n\n - smsc95xx: check return value of smsc95xx_reset (git-fixes).\n\n - soc: aspeed: snoop: Add 
clock control logic (git-fixes).\n\n - spi: atmel: Put allocated master before return (git-fixes).\n\n - spi: pxa2xx: Fix the controller numbering for Wildcat Point (git-fixes).\n\n - spi: spi-synquacer: fix set_cs handling (git-fixes).\n\n - spi: stm32: properly handle 0 byte transfer (git-fixes).\n\n - squashfs: add more sanity checks in id lookup (git-fixes bsc#1182266).\n\n - squashfs: add more sanity checks in inode lookup (git-fixes bsc#1182267).\n\n - squashfs: add more sanity checks in xattr id lookup (git-fixes bsc#1182268).\n\n - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of regulatory rules (git-fixes).\n\n - target: disallow emulate_legacy_capacity with RBD object-map (bsc#1177109).\n\n - team: set dev->needed_headroom in team_setup_by_port() (git-fixes).\n\n - tpm: Remove tpm_dev_wq_lock (git-fixes).\n\n - tpm_tis: Clean up locality release (git-fixes).\n\n - tpm_tis: Fix check_locality for correct locality acquisition (git-fixes).\n\n - tracing: Check length before giving out the filter buffer (git-fixes).\n\n - tracing: Do not count ftrace events in top level enable output (git-fixes).\n\n - tracing/kprobe: Fix to support kretprobe events on unloaded modules (git-fixes).\n\n - tracing/kprobes: Do the notrace functions check without kprobes on ftrace (git-fixes).\n\n - tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS (git-fixes).\n\n - ubifs: Fix error return code in ubifs_init_authentication() (bsc#1182459).\n\n - ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans() (bsc#1182454).\n\n - ubifs: prevent creating duplicate encrypted filenames (bsc#1182457).\n\n - ubifs: ubifs_add_orphan: Fix a memory leak bug (bsc#1182456).\n\n - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug (bsc#1182455). 
\n\n - ubifs: wbuf: Do not leak kernel memory to flash (bsc#1182458).\n\n - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG for x86 (bsc#1180846).\n\n - Update config files: armv7hl: Set ledtrig-default-on as builtin (bsc#1182128)\n\n - Update config files: Set ledtrig-default-on as builtin (bsc#1182128)\n\n - USB: dwc2: Abort transaction after errors with unknown reason (git-fixes).\n\n - USB: dwc2: Fix endpoint direction check in ep_from_windex (git-fixes).\n\n - USB: dwc2: Make 'trimming xfer length' a debug message (git-fixes).\n\n - USB: dwc3: fix clock issue during resume in OTG mode (git-fixes).\n\n - USB: gadget: legacy: fix an error code in eth_bind() (git-fixes).\n\n - USB: gadget: u_audio: Free requests only after callback (git-fixes).\n\n - USB: musb: Fix runtime PM race in musb_queue_resume_work (git-fixes).\n\n - USB: quirks: add quirk to start video capture on ELMO L-12F document camera reliable (git-fixes).\n\n - USB: quirks: sort quirk entries (git-fixes).\n\n - USB: renesas_usbhs: Clear pipe running flag in usbhs_pkt_pop() (git-fixes).\n\n - USB: serial: cp210x: add new VID/PID for supporting Teraoka AD2000 (git-fixes).\n\n - USB: serial: cp210x: add pid/vid for WSDA-200-USB (git-fixes).\n\n - USB: serial: mos7720: fix error code in mos7720_write() (git-fixes).\n\n - USB: serial: mos7720: improve OOM-handling in read_mos_reg() (git-fixes).\n\n - USB: serial: mos7840: fix error code in mos7840_write() (git-fixes).\n\n - USB: serial: option: Adding support for Cinterion MV31 (git-fixes).\n\n - USB: usblp: do not call usb_set_interface if there's a single alt (git-fixes).\n\n - veth: Adjust hard_start offset on redirect XDP frames (git-fixes).\n\n - vfs: Convert squashfs to use the new mount API (git-fixes bsc#1182265).\n\n - virtio_net: Fix error code in probe() (git-fixes).\n\n - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes).\n\n - virtio_net: Keep vnet header zeroed if XDP is loaded for small buffer (git-fixes).\n\n - 
virt: vbox: Do not use wait_event_interruptible when called from kernel context (git-fixes).\n\n - vmxnet3: Remove buf_info from device accessible structures (bsc#1181671).\n\n - vxlan: fix memleak of fdb (git-fixes).\n\n - wext: fix NULL-ptr-dereference with cfg80211's lack of commit() (git-fixes).\n\n - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).\n\n - x86/alternatives: Sync bp_patching update for avoiding NULL pointer exception (bsc#1152489).\n\n - x86/apic: Add extra serialization for non-serializing MSRs (bsc#1152489).\n\n - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where available (bsc#1181259, jsc#ECO-3191).\n\n - x86/ioapic: Handle Extended Destination ID field in RTE (bsc#1181259, jsc#ECO-3191).\n\n - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259, jsc#ECO-3191).\n\n - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259 jsc#ECO-3191).\n\n - x86/msi: Only use high bits of MSI address for DMAR unit (bsc#1181259, jsc#ECO-3191).\n\n - xen/netback: avoid race in xenvif_rx_ring_slots_available() (bsc#1065600).\n\n - xen/netback: fix spurious event detection for common event case (bsc#1182175).\n\n - xfs: ensure inobt record walks always make forward progress (git-fixes bsc#1182272).\n\n - xfs: fix an ABBA deadlock in xfs_rename (git-fixes bsc#1182558).\n\n - xfs: fix parent pointer scrubber bailing out on unallocated inodes (git-fixes bsc#1182276).\n\n - xfs: fix the forward progress assertion in xfs_iwalk_run_callbacks (git-fixes bsc#1182430).\n\n - xfs: fix the minrecs logic when dealing with inode root child blocks (git-fixes bsc#1182273).\n\n - xfs: ratelimit xfs_discard_page messages (bsc#1182283).\n\n - xfs: reduce quota reservation when doing a dax unwritten extent conversion (git-fixes bsc#1182561).\n\n - xfs: return corresponding errcode if xfs_initialize_perag() fail (git-fixes bsc#1182275).\n\n - xfs: scrub should mark a directory corrupt if any entries cannot be iget'd (git-fixes bsc#1182278).\n\n - xfs: strengthen rmap 
record flags checking (git-fixes bsc#1182271).\n\n - xhci: fix bounce buffer usage for non-sg list case (git-fixes).", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : the Linux Kernel (openSUSE-2021-393)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12373", "CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:kernel-debug", "p-cpe:/a:novell:opensuse:kernel-debug-debuginfo", "p-cpe:/a:novell:opensuse:kernel-debug-debugsource", "p-cpe:/a:novell:opensuse:kernel-debug-devel", "p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default", "p-cpe:/a:novell:opensuse:kernel-default-base", "p-cpe:/a:novell:opensuse:kernel-default-base-rebuild", "p-cpe:/a:novell:opensuse:kernel-default-debuginfo", "p-cpe:/a:novell:opensuse:kernel-default-debugsource", "p-cpe:/a:novell:opensuse:kernel-default-devel", "p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-devel", "p-cpe:/a:novell:opensuse:kernel-docs-html", "p-cpe:/a:novell:opensuse:kernel-kvmsmall", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel", "p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo", "p-cpe:/a:novell:opensuse:kernel-macros", "p-cpe:/a:novell:opensuse:kernel-obs-build", "p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource", "p-cpe:/a:novell:opensuse:kernel-obs-qa", "p-cpe:/a:novell:opensuse:kernel-preempt", "p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo", "p-cpe:/a:novell:opensuse:kernel-preempt-debugsource", "p-cpe:/a:novell:opensuse:kernel-preempt-devel", "p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo", 
"p-cpe:/a:novell:opensuse:kernel-source", "p-cpe:/a:novell:opensuse:kernel-source-vanilla", "p-cpe:/a:novell:opensuse:kernel-syms", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-393.NASL", "href": "https://www.tenable.com/plugins/nessus/147563", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-393.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147563);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-12373\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"openSUSE Security Update : the Linux Kernel (openSUSE-2021-393)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The openSUSE Linux Leap 15.2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\n - CVE-2021-26930: Fixed an improper error handling in\n blkback's grant mapping (XSA-365 bsc#1181843).\n\n - CVE-2021-26931: Fixed an issue where Linux kernel was\n treating grant mapping errors as bugs (XSA-362\n bsc#1181753).\n\n - CVE-2021-26932: Fixed improper error handling issues in\n Linux grant mapping (XSA-361 bsc#1181747). 
by remote\n attackers to read or write files via directory traversal\n in an XCOPY request (bsc#178372).\n\n - CVE-2020-12362: Fixed an integer overflow in the\n firmware which may have allowed a privileged user to\n potentially enable an escalation of privilege via local\n access (bsc#1181720).\n\n - CVE-2020-12363: Fixed an improper input validation which\n may have allowed a privileged user to potentially enable\n a denial of service via local access (bsc#1181735).\n\n - CVE-2020-12364: Fixed a NULL pointer reference which may\n have allowed a privileged user to potentially enable a\n denial of service via local access (bsc#1181736 ).\n\n - CVE-2020-12373: Fixed an expired pointer dereference\n which may have allowed a privileged user to potentially\n enable a denial of service via local access\n (bsc#1181738).\n\n - CVE-2020-29368,CVE-2020-29374: Fixed an issue in\n copy-on-write implementation which could have granted\n unintended write access because of a race condition in a\n THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe following non-security bugs were fixed :\n\n - ACPICA: Fix exception code class checks (git-fixes).\n\n - ACPI: configfs: add missing check after\n configfs_register_default_group() (git-fixes).\n\n - ACPI: property: Fix fwnode string properties matching\n (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 1)\n (git-fixes).\n\n - ACPI: property: Satisfy kernel doc validator (part 2)\n (git-fixes).\n\n - ALSA: hda: Add another CometLake-H PCI ID (git-fixes).\n\n - ALSA: hda/hdmi: Drop bogus check at closing a stream\n (git-fixes).\n\n - ALSA: hda/realtek: modify EAPD in the ALC886\n (git-fixes).\n\n - ALSA: pcm: Assure sync with the pending stop operation\n at suspend (git-fixes).\n\n - ALSA: pcm: Call sync_stop at disconnection (git-fixes).\n\n - ALSA: pcm: Do not call sync_stop if it hasn't been\n stopped (git-fixes).\n\n - ALSA: usb-audio: Add implicit fb quirk for BOSS GP-10\n (git-fixes).\n\n - ALSA: usb-audio: 
Correct document for\n snd_usb_endpoint_free_all() (git-fixes).\n\n - ALSA: usb-audio: Do not avoid stopping the stream at\n disconnection (git-fixes).\n\n - ALSA: usb-audio: Fix PCM buffer allocation in\n non-vmalloc mode (git-fixes).\n\n - ALSA: usb-audio: Handle invalid running state at\n releasing EP (git-fixes).\n\n - ALSA: usb-audio: More strict state change in EP\n (git-fixes).\n\n - amba: Fix resource leak for drivers without .remove\n (git-fixes).\n\n - arm64: Update config file. Set CONFIG_WATCHDOG_SYSFS to\n true (bsc#1182560)\n\n - armv7hl: lpae: Update config files. Disable KVM support\n (bsc#1182697)\n\n - ASoC: cpcap: fix microphone timeslot mask (git-fixes).\n\n - ASoC: cs42l56: fix up error handling in probe\n (git-fixes).\n\n - ASoC: simple-card-utils: Fix device module clock\n (git-fixes).\n\n - ASoC: SOF: debug: Fix a potential issue on string buffer\n termination (git-fixes).\n\n - ata: ahci_brcm: Add back regulators management\n (git-fixes).\n\n - ata: sata_nv: Fix retrieving of active qcs (git-fixes).\n\n - ath10k: Fix error handling in case of CE pipe init\n failure (git-fixes).\n\n - ath9k: fix data bus crash when setting nf_override via\n debugfs (git-fixes).\n\n - bcache: fix overflow in offset_to_stripe() (git-fixes).\n\n - blk-mq: call commit_rqs while list empty but error\n happen (bsc#1182442).\n\n - blk-mq: insert request not through ->queue_rq into\n sw/scheduler queue (bsc#1182443).\n\n - blk-mq: move cancel of hctx->run_work to the front of\n blk_exit_queue (bsc#1182444).\n\n - block: fix inflight statistics of part0 (bsc#1182445).\n\n - block: respect queue limit of max discard segment\n (bsc#1182441).\n\n - block: virtio_blk: fix handling single range discard\n request (bsc#1182439).\n\n - Bluetooth: btqcomsmd: Fix a resource leak in error\n handling paths in the probe function (git-fixes).\n\n - Bluetooth: btusb: Fix memory leak in btusb_mtk_wmt_recv\n (git-fixes).\n\n - Bluetooth: drop HCI device reference before return\n 
(git-fixes).\n\n - Bluetooth: Fix initializing response id after clearing\n struct (git-fixes).\n\n - Bluetooth: hci_uart: Fix a race for write_work\n scheduling (git-fixes).\n\n - Bluetooth: Put HCI device if inquiry procedure\n interrupts (git-fixes).\n\n - bnxt_en: Fix accumulation of bp->net_stats_prev\n (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_board()\n (git-fixes).\n\n - bnxt_en: fix error return code in bnxt_init_one()\n (git-fixes).\n\n - bnxt_en: Improve stats context resource accounting with\n RDMA driver loaded (git-fixes).\n\n - bnxt_en: read EEPROM A2h address using page 0\n (git-fixes).\n\n - bnxt_en: Release PCI regions when DMA mask setup fails\n during probe (git-fixes).\n\n - bonding: Fix reference count leak in\n bond_sysfs_slave_add (git-fixes).\n\n - bonding: set dev->needed_headroom in\n bond_setup_by_slave() (git-fixes).\n\n - bonding: wait for sysfs kobject destruction before\n freeing struct slave (git-fixes).\n\n - bpf, cgroup: Fix optlen WARN_ON_ONCE toctou\n (bsc#1155518).\n\n - bpf, cgroup: Fix problematic bounds check (bsc#1155518).\n\n - btrfs: add assertion for empty list of transactions at\n late stage of umount (bsc#1182626).\n\n - btrfs: Cleanup try_flush_qgroup (bsc#1182047).\n\n - btrfs: Do not flush from\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Fix race between extent freeing/allocation when\n using bitmaps (bsc#1181574).\n\n - btrfs: fix race between RO remount and the cleaner task\n (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after cleaning up\n orphans on RO mount (bsc#1182626).\n\n - btrfs: fix transaction leak and crash after RO remount\n caused by qgroup rescan (bsc#1182626).\n\n - btrfs: Free correct amount of space in\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: lift read-write mount setup from mount and\n remount (bsc#1182626).\n\n - btrfs: Remove btrfs_inode from\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: run 
delayed iputs when remounting RO to avoid\n leaking them (bsc#1182626).\n\n - btrfs: Simplify code flow in\n btrfs_delayed_inode_reserve_metadata (bsc#1182047).\n\n - btrfs: Unlock extents in btrfs_zero_range in case of\n errors (bsc#1182047).\n\n - caif: no need to check return value of debugfs_create\n functions (git-fixes).\n\n - ceph: fix flush_snap logic after putting caps\n (bsc#1182854).\n\n - cgroup: Fix memory leak when parsing multiple source\n parameters (bsc#1182683).\n\n - cgroup: fix psi monitor for root cgroup (bsc#1182686).\n\n - cgroup-v1: add disabled controller check in\n cgroup1_parse_param() (bsc#1182684).\n\n - chelsio/chtls: correct function return and return type\n (git-fixes).\n\n - chelsio/chtls: correct netdevice for vlan interface\n (git-fixes).\n\n - chelsio/chtls: fix a double free in chtls_setkey()\n (git-fixes).\n\n - chelsio/chtls: fix always leaking ctrl_skb (git-fixes).\n\n - chelsio/chtls: fix deadlock issue (git-fixes).\n\n - chelsio/chtls: fix memory leaks caused by a race\n (git-fixes).\n\n - chelsio/chtls: fix memory leaks in CPL handlers\n (git-fixes).\n\n - chelsio/chtls: fix panic during unload reload chtls\n (git-fixes).\n\n - chelsio/chtls: fix socket lock (git-fixes).\n\n - chelsio/chtls: fix tls record info to user (git-fixes).\n\n - Cherry-pick ibmvnic patches from SP3 (jsc#SLE-17268).\n\n - chtls: Added a check to avoid NULL pointer dereference\n (git-fixes).\n\n - chtls: Fix chtls resources release sequence (git-fixes).\n\n - chtls: Fix hardware tid leak (git-fixes).\n\n - chtls: Fix panic when route to peer not configured\n (git-fixes).\n\n - chtls: Remove invalid set_tcb call (git-fixes).\n\n - chtls: Replace skb_dequeue with skb_peek (git-fixes).\n\n - cifs: check all path components in resolved dfs target\n (bsc#1181710).\n\n - cifs: fix nodfs mount option (bsc#1181710).\n\n - cifs: introduce helper for finding referral server\n (bsc#1181710).\n\n - cifs: report error instead of invalid when revalidating\n a 
dentry fails (bsc#1177440).\n\n - cirrus: cs89x0: remove set but not used variable 'lp'\n (git-fixes).\n\n - cirrus: cs89x0: use devm_platform_ioremap_resource() to\n simplify code (git-fixes).\n\n - clk: meson: clk-pll: fix initializing the old rate\n (fallback) for a PLL (git-fixes).\n\n - clk: meson: clk-pll: make 'ret' a signed integer\n (git-fixes).\n\n - clk: meson: clk-pll: propagate the error from\n meson_clk_pll_set_rate() (git-fixes).\n\n - clk: qcom: gcc-msm8998: Fix Alpha PLL type for all GPLLs\n (git-fixes).\n\n - clk: sunxi-ng: h6: Fix CEC clock (git-fixes).\n\n - clk: sunxi-ng: h6: Fix clock divider range on some\n clocks (git-fixes).\n\n - clk: sunxi-ng: mp: fix parent rate change flag check\n (git-fixes).\n\n - clocksource/drivers/ixp4xx: Select TIMER_OF when needed\n (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Fix resource leaks in\n ->remove() (git-fixes).\n\n - cpufreq: brcmstb-avs-cpufreq: Free resources in error\n path (git-fixes).\n\n - cpuset: fix race between hotplug work and later CPU\n offline (bsc#1182676).\n\n - crypto: ecdh_helper - Ensure 'len >= secret.len' in\n decode_key() (git-fixes).\n\n - crypto: talitos - Work around SEC6 ERRATA (AES-CTR mode\n data size error) (git-fixes).\n\n - cxgb3: fix error return code in t3_sge_alloc_qset()\n (git-fixes).\n\n - cxgb4: fix all-mask IP address comparison (git-fixes).\n\n - cxgb4: fix checks for max queues to allocate\n (git-fixes).\n\n - cxgb4: fix endian conversions for L4 ports in filters\n (git-fixes).\n\n - cxgb4: fix set but unused variable when DCB is disabled\n (git-fixes).\n\n - cxgb4: fix SGE queue dump destination buffer context\n (git-fixes).\n\n - cxgb4: fix the panic caused by non smac rewrite\n (git-fixes).\n\n - cxgb4: move DCB version extern to header file\n (git-fixes).\n\n - cxgb4: move handling L2T ARP failures to caller\n (git-fixes).\n\n - cxgb4: move PTP lock and unlock to caller in Tx path\n (git-fixes).\n\n - cxgb4: parse TC-U32 key values and masks natively\n 
(git-fixes).\n\n - cxgb4: remove cast when saving IPv4 partial checksum\n (git-fixes).\n\n - cxgb4: set up filter action after rewrites (git-fixes).\n\n - cxgb4: use correct type for all-mask IP address\n comparison (git-fixes).\n\n - cxgb4: use unaligned conversion for fetching timestamp\n (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in an error\n handling path of the probe function (git-fixes).\n\n - dmaengine: fsldma: Fix a resource leak in the remove\n function (git-fixes).\n\n - dmaengine: hsu: disable spurious interrupt (git-fixes).\n\n - dmaengine: owl-dma: Fix a resource leak in the remove\n function (git-fixes).\n\n - dm crypt: avoid truncating the logical block size\n (git-fixes).\n\n - dm: fix bio splitting and its bio completion order for\n regular IO (git-fixes).\n\n - dm thin: fix use-after-free in\n metadata_pre_commit_callback (bsc#1177529).\n\n - dm thin metadata: Avoid returning cmd->bm wild pointer\n on error (bsc#1177529).\n\n - dm thin metadata: fix lockdep complaint (bsc#1177529).\n\n - dm thin metadata: Fix use-after-free in\n dm_bm_set_read_only (bsc#1177529).\n\n - dm: use noio when sending kobject event (bsc#1177529).\n\n - docs: filesystems: vfs: correct flag name (bsc#1182856).\n\n - dpaa2-eth: fix return codes used in ndo_setup_tc\n (git-fixes).\n\n - Drivers: hv: vmbus: Avoid use-after-free in\n vmbus_onoffer_rescind() (git-fixes).\n\n - drivers: net: davinci_mdio: fix potential NULL\n dereference in davinci_mdio_probe() (git-fixes).\n\n - drivers: soc: atmel: add null entry at the end of\n at91_soc_allowed_list[] (git-fixes).\n\n - drivers: soc: atmel: Avoid calling at91_soc_init on non\n AT91 SoCs (git-fixes).\n\n - drm/amd/display: Change function decide_dp_link_settings\n to avoid infinite looping (git-fixes).\n\n - drm/amd/display: Decrement refcount of dc_sink before\n reassignment (git-fixes).\n\n - drm/amd/display: Fix 10/12 bpc setup in DCE output bit\n depth reduction (git-fixes).\n\n - drm/amd/display: Fix 
dc_sink kref count in\n emulated_link_detect (git-fixes).\n\n - drm/amd/display: Fix HDMI deep color output for DCE 6-11\n (git-fixes).\n\n - drm/amd/display: Free atomic state after\n drm_atomic_commit (git-fixes).\n\n - drm/amd/display: Revert 'Fix EDID parsing after resume\n from suspend' (git-fixes).\n\n - drm/amdgpu: Fix macro name _AMDGPU_TRACE_H_ in\n preprocessor if condition (git-fixes).\n\n - drm/fb-helper: Add missed unlocks in setcmap_legacy()\n (git-fixes).\n\n - drm/gma500: Fix error return code in psb_driver_load()\n (git-fixes).\n\n - drm/meson: Unbind all connectors on module removal\n (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: always set clock rate (bsc#1152472)\n\n - drm/sun4i: dw-hdmi: Fix max. frequency for H6\n (bsc#1152472)\n\n - drm/sun4i: Fix H6 HDMI PHY configuration (bsc#1152472)\n\n - drm/sun4i: tcon: set sync polarity for tcon1 channel\n (bsc#1152472)\n\n - drm/vc4: hvs: Fix buffer overflow with the dlist\n handling (bsc#1152489)\n\n - exec: Always set cap_ambient in cap_bprm_set_creds\n (git-fixes).\n\n - exfat: Avoid allocating upcase table using kcalloc()\n (git-fixes).\n\n - ext4: do not remount read-only with errors=continue on\n reboot (bsc#1182464).\n\n - ext4: fix a memory leak of ext4_free_data (bsc#1182447).\n\n - ext4: fix bug for rename with RENAME_WHITEOUT\n (bsc#1182449).\n\n - ext4: fix deadlock with fs freezing and EA inodes\n (bsc#1182463).\n\n - ext4: fix superblock checksum failure when setting\n password salt (bsc#1182465).\n\n - ext4: prevent creating duplicate encrypted filenames\n (bsc#1182446).\n\n - fgraph: Initialize tracing_graph_pause at task creation\n (git-fixes).\n\n - firmware_loader: align .builtin_fw to 8 (git-fixes).\n\n - fscrypt: add fscrypt_is_nokey_name() (bsc#1182446).\n\n - fscrypt: rename DCACHE_ENCRYPTED_NAME to\n DCACHE_NOKEY_NAME (bsc#1182446).\n\n - fs: fix lazytime expiration handling in\n __writeback_single_inode() (bsc#1182466).\n\n - gma500: clean up error handling in init (git-fixes).\n\n 
- gpio: pcf857x: Fix missing first interrupt (git-fixes).\n\n - HID: core: detect and skip invalid inputs to snto32()\n (git-fixes).\n\n - HID: make arrays usage and value to be the same\n (git-fixes).\n\n - HID: wacom: Ignore attempts to overwrite the touch_max\n value from HID (git-fixes).\n\n - hwrng: timeriomem - Fix cooldown period calculation\n (git-fixes).\n\n - i2c: brcmstb: Fix brcmstd_send_i2c_cmd condition\n (git-fixes).\n\n - i2c: iproc: handle only slave interrupts which are\n enabled (git-fixes).\n\n - i2c: mediatek: Move suspend and resume handling to NOIRQ\n phase (git-fixes).\n\n - i2c: stm32f7: fix configuration of the digital filter\n (git-fixes).\n\n - i3c: master: dw: Drop redundant disec call (git-fixes).\n\n - i40e: acquire VSI pointer only after VF is initialized\n (jsc#SLE-8025).\n\n - i40e: avoid premature Rx buffer reuse (git-fixes).\n\n - i40e: Fix Error I40E_AQ_RC_EINVAL when removing VFs\n (git-fixes).\n\n - i40e: Fix MAC address setting for a VF via Host/VM\n (git-fixes).\n\n - i40e: Fix removing driver while bare-metal VFs pass\n traffic (git-fixes).\n\n - i40e: Revert 'i40e: do not report link up for a VF who\n hasn't enabled queues' (jsc#SLE-8025).\n\n - iavf: fix double-release of rtnl_lock (git-fixes).\n\n - iavf: fix error return code in iavf_init_get_resources()\n (git-fixes).\n\n - iavf: fix speed reporting over virtchnl (git-fixes).\n\n - iavf: Fix updating statistics (git-fixes).\n\n - ibmvnic: add memory barrier to protect long term buffer\n (bsc#1182485 ltc#191591).\n\n - ibmvnic: change IBMVNIC_MAX_IND_DESCS to 16 (bsc#1182485\n ltc#191591).\n\n - ibmvnic: Clean up TX code and TX buffer data structure\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Clear failover_pending if unable to schedule\n (bsc#1181960 ltc#190997).\n\n - ibmvnic: compare adapter->init_done_rc with more\n readable ibmvnic_rc_codes (jsc#SLE-17043 bsc#1179243\n ltc#189290).\n\n - ibmvnic: Correctly re-enable interrupts in NAPI polling\n routine 
(jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_control_ip_offload (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: create send_query_ip_offload (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: device remove has higher precedence over reset\n (bsc#1065729).\n\n - ibmvnic: Do not replenish RX buffers after every polling\n loop (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that CRQ entry read are correctly\n ordered (bsc#1182485 ltc#191591).\n\n - ibmvnic: Ensure that device queue memory is cache-line\n aligned (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Ensure that SCRQ entry reads are correctly\n ordered (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix a race between open and reset (bsc#1176855\n ltc#187293).\n\n - ibmvnic: fix login buffer memory leak (bsc#1081134\n ltc#164631).\n\n - ibmvnic: fix NULL pointer dereference in\n ibmvic_reset_crq (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: fix rx buffer tracking and index management in\n replenish_rx_pool partial success (bsc#1179929\n ltc#189960).\n\n - ibmvnic: Fix TX completion error handling (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: Fix use-after-free of VNIC login response\n buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: handle inconsistent login with reset\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Harden device Command Response Queue handshake\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: improve ibmvnic_init and ibmvnic_reset_init\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce batched RX buffer descriptor\n transmission (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce indirect subordinate Command Response\n Queue buffer (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Introduce xmit_more support using batched\n subCRQ hcalls (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: merge ibmvnic_reset_init and ibmvnic_init\n 
(jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: no reset timeout for 5 seconds after reset\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: reduce wait for completion time (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: remove never executed if statement\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: Remove send_subcrq function (jsc#SLE-17043\n bsc#1179243 ltc#189290).\n\n - ibmvnic: rename ibmvnic_send_req_caps to\n send_request_cap (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_cap_queries to send_query_cap\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: rename send_map_query to send_query_map\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: send_login should check for crq errors\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: serialize access to work queue on remove\n (bsc#1065729).\n\n - ibmvnic: Set to CLOSED state even on error (bsc#1084610\n ltc#165122 git-fixes).\n\n - ibmvnic: skip send_request_unmap for timeout reset\n (bsc#1182485 ltc#191591).\n\n - ibmvnic: skip tx timeout reset while in resetting\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: stop free_all_rwi on failed reset\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - ibmvnic: store RX and TX subCRQ handle array in\n ibmvnic_adapter struct (jsc#SLE-17043 bsc#1179243\n ltc#189290).\n\n - ibmvnic: track pending login (jsc#SLE-17043 bsc#1179243\n ltc#189290).\n\n - ibmvnic: update MAINTAINERS (jsc#SLE-17043 bsc#1179243\n ltc#189290).\n\n - ibmvnic: Use netdev_alloc_skb instead of alloc_skb to\n replenish RX buffers (jsc#SLE-17043 bsc#1179243\n ltc#189290).\n\n - ice: Do not allow more channels than LAN MSI-X available\n (jsc#SLE-7926).\n\n - ice: Fix MSI-X vector fallback logic (jsc#SLE-7926).\n\n - igc: check return value of ret_val in\n igc_config_fc_after_link_up (git-fixes).\n\n - igc: fix link speed advertising (git-fixes).\n\n - igc: Fix returning wrong statistics (git-fixes).\n\n - igc: Report speed and 
duplex as unknown when device is\n runtime suspended (git-fixes).\n\n - igc: set the default return value to -IGC_ERR_NVM in\n igc_write_nvm_srwr (git-fixes).\n\n - include/linux/memremap.h: remove stale comments\n (git-fixes).\n\n - Input: elo - fix an error code in elo_connect()\n (git-fixes).\n\n - Input: i8042 - unbreak Pegatron C15B (git-fixes).\n\n - Input: joydev - prevent potential read overflow in ioctl\n (git-fixes).\n\n - Input: sur40 - fix an error code in sur40_probe()\n (git-fixes).\n\n - Input: xpad - sync supported devices with fork on GitHub\n (git-fixes).\n\n - iwlwifi: mvm: do not send RFH_QUEUE_CONFIG_CMD with no\n queues (git-fixes).\n\n - iwlwifi: mvm: guard against device removal in reprobe\n (git-fixes).\n\n - iwlwifi: mvm: invalidate IDs of internal stations at mvm\n start (git-fixes).\n\n - iwlwifi: mvm: skip power command when unbinding vif\n during CSA (git-fixes).\n\n - iwlwifi: mvm: take mutex for calling\n iwl_mvm_get_sync_time() (git-fixes).\n\n - iwlwifi: pcie: add a NULL check in iwl_pcie_txq_unmap\n (git-fixes).\n\n - iwlwifi: pcie: fix context info memory leak (git-fixes).\n\n - iwlwifi: pcie: reschedule in long-running memory reads\n (git-fixes).\n\n - iwlwifi: pcie: use jiffies for memory read spin time\n limit (git-fixes).\n\n - ixgbe: avoid premature Rx buffer reuse (git-fixes).\n\n - ixgbe: Fix XDP redirect on archs with PAGE_SIZE above 4K\n (git-fixes).\n\n - kABI: Fix kABI after AMD SEV PCID fixes (bsc#1178995).\n\n - kABI: Fix kABI after modifying struct __call_single_data\n (bsc#1180846).\n\n - kABI: Fix kABI for extended APIC-ID support\n (bsc#1181259, jsc#ECO-3191).\n\n - kABI: repair, after 'nVMX: Emulate MTF when\n performing instruction emulation' kvm_x86_ops is part of\n kABI as it's used by LTTng. But it's only read and never\n allocated in there, so growing it (without altering\n existing members' offsets) is fine.\n\n - kernel-binary.spec: Add back initrd and image symlink\n ghosts to filelist (bsc#1182140). 
Fixes: 76a9256314c3\n ('rpm/kernel-(source,binary).spec: do not include ghost\n symlinks (boo#1179082).')\n\n - kernel/smp: add boot parameter for controlling CSD lock\n debugging (bsc#1180846).\n\n - kernel/smp: add more data to CSD lock debugging\n (bsc#1180846).\n\n - kernel/smp: prepare more CSD lock debugging\n (bsc#1180846).\n\n - kernel/smp: Provide CSD lock timeout diagnostics\n (bsc#1180846).\n\n - KVM: arm64: Assume write fault on S1PTW permission fault\n on instruction fetch (bsc#1181818).\n\n - KVM: arm64: Remove S1PTW check from\n kvm_vcpu_dabt_iswrite() (bsc#1181818).\n\n - KVM: nVMX: do not clear mtf_pending when nested events\n are blocked (bsc#1182489).\n\n - KVM: nVMX: Emulate MTF when performing instruction\n emulation (bsc#1182380).\n\n - KVM: nVMX: Handle pending #DB when injecting INIT\n VM-exit. Pulling in as a dependency of: 'KVM: nVMX:\n Emulate MTF when performing instruction emulation'\n (bsc#1182380).\n\n - KVM: SVM: Update cr3_lm_rsvd_bits for AMD SEV guests\n (bsc#1178995).\n\n - KVM: tracing: Fix unmatched kvm_entry and kvm_exit\n events (bsc#1182770).\n\n - KVM: VMX: Condition ENCLS-exiting enabling on CPU\n support for SGX1 (bsc#1182798).\n\n - KVM: x86: Allocate new rmap and large page tracking when\n moving memslot (bsc#1182800).\n\n - KVM: x86: allow KVM_STATE_NESTED_MTF_PENDING in\n kvm_state flags (bsc#1182490).\n\n - KVM: x86: clear stale x86_emulate_ctxt->intercept value\n (bsc#1182381).\n\n - KVM: x86: do not notify userspace IOAPIC on\n edge-triggered interrupt EOI (bsc#1182374).\n\n - KVM: x86: Gracefully handle __vmalloc() failure during\n VM allocation (bsc#1182801).\n\n - KVM: x86: Introduce cr3_lm_rsvd_bits in kvm_vcpu_arch\n (bsc#1178995).\n\n - KVM: x86: remove stale comment from struct\n x86_emulate_ctxt (bsc#1182406).\n\n - libnvdimm/dimm: Avoid race between probe and\n available_slots_show() (bsc#1170442).\n\n - lib/vsprintf: no_hash_pointers prints all addresses as\n unhashed (bsc#1182599).\n\n - linux/clk.h: use 
correct kernel-doc notation for 2\n functions (git-fixes).\n\n - mac80211: 160MHz with extended NSS BW in CSA\n (git-fixes).\n\n - mac80211: fix fast-rx encryption check (git-fixes).\n\n - mac80211: fix potential overflow when multiplying to u32\n integers (git-fixes).\n\n - mac80211: pause TX while changing interface type\n (git-fixes).\n\n - macros.kernel-source: Use spec_install_pre for\n certificate installation (boo#1182672). Since rpm 4.16\n files installed during build phase are lost.\n\n - MAINTAINERS: remove John Allen from ibmvnic\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - matroxfb: avoid -Warray-bounds warning (bsc#1152472)\n\n - media: aspeed: fix error return code in\n aspeed_video_setup_video() (git-fixes).\n\n - media: camss: missing error code in msm_video_register()\n (git-fixes).\n\n - media: cx25821: Fix a bug when reallocating some dma\n memory (git-fixes).\n\n - media: em28xx: Fix use-after-free in em28xx_alloc_urbs\n (git-fixes).\n\n - media: i2c: ov5670: Fix PIXEL_RATE minimum value\n (git-fixes).\n\n - media: ipu3-cio2: Fix mbus_code processing in\n cio2_subdev_set_fmt() (git-fixes).\n\n - media: lmedm04: Fix misuse of comma (git-fixes).\n\n - media: media/pci: Fix memleak in empress_init\n (git-fixes).\n\n - media: mt9v111: Remove unneeded device-managed puts\n (git-fixes).\n\n - media: pwc: Use correct device for DMA (bsc#1181133).\n\n - media: pxa_camera: declare variable when DEBUG is\n defined (git-fixes).\n\n - media: qm1d1c0042: fix error return code in\n qm1d1c0042_init() (git-fixes).\n\n - media: software_node: Fix refcounts in\n software_node_get_next_child() (git-fixes).\n\n - media: tm6000: Fix memleak in tm6000_start_stream\n (git-fixes).\n\n - media: vsp1: Fix an error handling path in the probe\n function (git-fixes).\n\n - mei: hbm: call mei_set_devstate() on hbm stop response\n (git-fixes).\n\n - memory: ti-aemif: Drop child node when jumping out loop\n (git-fixes).\n\n - mfd: bd9571mwv: Use devm_mfd_add_devices() 
(git-fixes).\n\n - mfd: wm831x-auxadc: Prevent use after free in\n wm831x_auxadc_read_irq() (git-fixes).\n\n - misc: eeprom_93xx46: Add module alias to avoid breaking\n support for non device tree users (git-fixes).\n\n - misc: eeprom_93xx46: Fix module alias to enable module\n autoprobe (git-fixes).\n\n - mlxsw: core: Add validation of transceiver temperature\n thresholds (git-fixes).\n\n - mlxsw: core: Fix memory leak on module removal\n (git-fixes).\n\n - mlxsw: core: Fix use-after-free in\n mlxsw_emad_trans_finish() (git-fixes).\n\n - mlxsw: core: Free EMAD transactions using kfree_rcu()\n (git-fixes).\n\n - mlxsw: core: Increase critical threshold for ASIC\n thermal zone (git-fixes).\n\n - mlxsw: core: Increase scope of RCU read-side critical\n section (git-fixes).\n\n - mlxsw: core: Use variable timeout for EMAD retries\n (git-fixes).\n\n - mlxsw: spectrum_acl: Fix mlxsw_sp_acl_tcam_group_add()'s\n error path (git-fixes).\n\n - mlxsw: spectrum: Fix use-after-free of\n split/unsplit/type_set in case reload fails (git-fixes).\n\n - mmc: core: Limit retries when analyse of SDIO tuples\n fails (git-fixes).\n\n - mmc: renesas_sdhi_internal_dmac: Fix DMA buffer\n alignment from 8 to 128-bytes (git-fixes).\n\n - mmc: sdhci-sprd: Fix some resource leaks in the remove\n function (git-fixes).\n\n - mmc: usdhi6rol0: Fix a resource leak in the error\n handling path of the probe (git-fixes).\n\n - mm/pmem: avoid inserting hugepage PTE entry with fsdax\n if hugepage support is disabled (bsc#1181896\n ltc#191273).\n\n - mm: proc: Invalidate TLB after clearing soft-dirty page\n state (bsc#1163776 ltc#183929 git-fixes).\n\n - mm: thp: kABI: move the added flag to the end of enum\n (bsc#1181896 ltc#191273).\n\n - mt76: dma: fix a possible memory leak in\n mt76_add_fragment() (git-fixes).\n\n - net: ag71xx: add missed clk_disable_unprepare in error\n path of probe (git-fixes).\n\n - net: axienet: Fix error return code in axienet_probe()\n (git-fixes).\n\n - net: bcmgenet: Fix 
WoL with password after deep sleep\n (git-fixes).\n\n - net: bcmgenet: keep MAC in reset until PHY is up\n (git-fixes).\n\n - net: bcmgenet: re-remove bcmgenet_hfb_add_filter\n (git-fixes).\n\n - net: bcmgenet: set Rx mode before starting netif\n (git-fixes).\n\n - net: bcmgenet: use hardware padding of runt frames\n (git-fixes).\n\n - net: broadcom CNIC: requires MMU (git-fixes).\n\n - net: caif: Fix debugfs on 64-bit platforms (git-fixes).\n\n - net/cxgb4: Check the return from t4_query_params\n properly (git-fixes).\n\n - net: cxgb4: fix return error value in t4_prep_fw\n (git-fixes).\n\n - net: dsa: bcm_sf2: Fix overflow checks (git-fixes).\n\n - net: dsa: lantiq_gswip: fix and improve the unsupported\n interface error (git-fixes).\n\n - net: dsa: mt7530: Change the LINK bit to reflect the\n link status (git-fixes).\n\n - net: dsa: mt7530: set CPU port to fallback mode\n (git-fixes).\n\n - net: ena: set initial DMA width to avoid intel iommu\n issue (git-fixes).\n\n - net: ethernet: ave: Fix error returns in ave_init\n (git-fixes).\n\n - net: ethernet: mlx4: Avoid assigning a value to\n ring_cons but not used it anymore in mlx4_en_xmit()\n (git-fixes).\n\n - net: ethernet: ti: ale: fix allmulti for nu type ale\n (git-fixes).\n\n - net: ethernet: ti: ale: fix seeing unreg mcast packets\n with promisc and allmulti disabled (git-fixes).\n\n - net: ethernet: ti: ale: modify vlan/mdb api for\n switchdev (git-fixes).\n\n - net: ethernet: ti: cpsw: allow untagged traffic on host\n port (git-fixes).\n\n - net: ethernet: ti: fix some return value check of\n cpsw_ale_create() (git-fixes).\n\n - net: gemini: Fix missing clk_disable_unprepare() in\n error path of gemini_ethernet_port_probe() (git-fixes).\n\n - net: gro: do not keep too many GRO packets in\n napi->rx_list (bsc#1154353).\n\n - net: hns3: add a check for queue_id in\n hclge_reset_vf_queue() (git-fixes).\n\n - net: hns3: add a missing uninit debugfs when unload\n driver (git-fixes).\n\n - net: hns3: add reset 
check for VF updating port based\n VLAN (git-fixes).\n\n - net: hns3: clear port base VLAN when unload PF\n (git-fixes).\n\n - net: hns3: fix aRFS FD rules leftover after add a user\n FD rule (git-fixes).\n\n - net: hns3: fix a TX timeout issue (git-fixes).\n\n - net: hns3: fix desc filling bug when skb is expanded or\n lineared (git-fixes).\n\n - net: hns3: fix for mishandle of asserting VF reset fail\n (git-fixes).\n\n - net: hns3: fix for VLAN config when reset failed\n (git-fixes).\n\n - net: hns3: fix RSS config lost after VF reset\n (git-fixes).\n\n - net: hns3: fix set and get link ksettings issue\n (git-fixes).\n\n - net: hns3: fix 'tc qdisc del' failed issue (git-fixes).\n\n - net: hns3: fix the number of queues actually used by ARQ\n (git-fixes).\n\n - net: hns3: fix use-after-free when doing self test\n (git-fixes).\n\n - net: hns3: fix VF VLAN table entries inconsistent issue\n (git-fixes).\n\n - net: hns: fix return value check in __lb_other_process()\n (git-fixes).\n\n - net: lpc-enet: fix error return code in lpc_mii_init()\n (git-fixes).\n\n - net: macb: fix call to pm_runtime in the suspend/resume\n functions (git-fixes).\n\n - net: macb: fix wakeup test in runtime suspend/resume\n routines (git-fixes).\n\n - net: macb: mark device wake capable when 'magic-packet'\n property present (git-fixes).\n\n - net/mlx4_core: fix a memory leak bug (git-fixes).\n\n - net/mlx4_core: Fix init_hca fields offset (git-fixes).\n\n - net/mlx4_en: Avoid scheduling restart task if it is\n already running (bsc#1181854).\n\n - net/mlx4_en: Handle TX error CQE (bsc#1181854).\n\n - net/mlx5: Add handling of port type in rule deletion\n (git-fixes).\n\n - net/mlx5: Annotate mutex destroy for root ns\n (git-fixes).\n\n - net/mlx5: Clear LAG notifier pointer after unregister\n (git-fixes).\n\n - net/mlx5: Disable QoS when min_rates on all VFs are zero\n (git-fixes).\n\n - net/mlx5: Do not call timecounter cyc2time directly from\n 1PPS flow (git-fixes).\n\n - net/mlx5: Do not 
maintain a case of del_sw_func being\n null (git-fixes).\n\n - net/mlx5e: Correctly handle changing the number of\n queues when the interface is down (git-fixes).\n\n - net/mlx5e: Do not trigger IRQ multiple times on XSK\n wakeup to avoid WQ overruns (git-fixes).\n\n - net/mlx5e: en_accel, Add missing net/geneve.h include\n (git-fixes).\n\n - net/mlx5e: Encapsulate updating netdev queues into a\n function (git-fixes).\n\n - net/mlx5e: E-switch, Fix rate calculation for overflow\n (jsc#SLE-8464).\n\n - net/mlx5e: fix bpf_prog reference count leaks in\n mlx5e_alloc_rq (git-fixes).\n\n - net/mlx5e: Fix configuration of XPS cpumasks and netdev\n queues in corner cases (git-fixes).\n\n - net/mlx5e: Fix endianness handling in pedit mask\n (git-fixes).\n\n - net/mlx5e: Fix error path of device attach (git-fixes).\n\n - net/mlx5e: Fix memleak in mlx5e_create_l2_table_groups\n (git-fixes).\n\n - net/mlx5e: Fix two double free cases (git-fixes).\n\n - net/mlx5e: Fix VLAN cleanup flow (git-fixes).\n\n - net/mlx5e: Fix VLAN create flow (git-fixes).\n\n - net/mlx5e: Get the latest values from counters in\n switchdev mode (git-fixes).\n\n - net/mlx5e: IPoIB, Drop multicast packets that this\n interface sent (git-fixes).\n\n - net/mlx5e: kTLS, Fix wrong value in record tracker enum\n (git-fixes).\n\n - net/mlx5e: Reduce tc unsupported key print level\n (git-fixes).\n\n - net/mlx5e: Rename hw_modify to preactivate (git-fixes).\n\n - net/mlx5e: Set of completion request bit should not\n clear other adjacent bits (git-fixes).\n\n - net/mlx5: E-switch, Destroy TSAR after reload interface\n (git-fixes).\n\n - net/mlx5: E-Switch, Hold mutex when querying drop\n counter in legacy mode (git-fixes).\n\n - net/mlx5: E-Switch, Use vport metadata matching by\n default (git-fixes).\n\n - net/mlx5: E-Switch, Use vport metadata matching only\n when mandatory (git-fixes).\n\n - net/mlx5e: Use preactivate hook to set the indirection\n table (git-fixes).\n\n - net/mlx5e: vxlan: Use RCU for vxlan 
table lookup\n (git-fixes).\n\n - net/mlx5: Fix a bug of using ptp channel index as pin\n index (git-fixes).\n\n - net/mlx5: Fix deletion of duplicate rules (git-fixes).\n\n - net/mlx5: Fix failing fw tracer allocation on s390\n (git-fixes).\n\n - net/mlx5: Fix memory leak on flow table creation error\n flow (git-fixes).\n\n - net/mlx5: Fix request_irqs error flow (git-fixes).\n\n - net/mlx5: Fix wrong address reclaim when command\n interface is down (git-fixes).\n\n - net/mlx5: Query PPS pin operational status before\n registering it (git-fixes).\n\n - net/mlx5: Verify Hardware supports requested ptp\n function on a given pin (git-fixes).\n\n - net: moxa: Fix a potential double 'free_irq()'\n (git-fixes).\n\n - net: mscc: ocelot: ANA_AUTOAGE_AGE_PERIOD holds a value\n in seconds, not ms (git-fixes).\n\n - net: mscc: ocelot: fix address ageing time (again)\n (git-fixes).\n\n - net: mscc: ocelot: properly account for VLAN header\n length when setting MRU (git-fixes).\n\n - net: mvpp2: Add TCAM entry to drop flow control pause\n frames (git-fixes).\n\n - net: mvpp2: disable force link UP during port init\n procedure (git-fixes).\n\n - net: mvpp2: Fix error return code in mvpp2_open()\n (git-fixes).\n\n - net: mvpp2: Fix GoP port 3 Networking Complex Control\n configurations (git-fixes).\n\n - net: mvpp2: fix memory leak in mvpp2_rx (git-fixes).\n\n - net: mvpp2: fix pkt coalescing int-threshold\n configuration (git-fixes).\n\n - net: mvpp2: prs: fix PPPoE with ipv6 packet parse\n (git-fixes).\n\n - net: mvpp2: Remove Pause and Asym_Pause support\n (git-fixes).\n\n - net: mvpp2: TCAM entry enable should be written after\n SRAM data (git-fixes).\n\n - net: netsec: Correct dma sync for XDP_TX frames\n (git-fixes).\n\n - net: nixge: fix potential memory leak in nixge_probe()\n (git-fixes).\n\n - net: octeon: mgmt: Repair filling of RX ring\n (git-fixes).\n\n - net: phy: at803x: use operating parameters from\n PHY-specific status (git-fixes).\n\n - net: phy: extract link 
partner advertisement reading\n (git-fixes).\n\n - net: phy: extract pause mode (git-fixes).\n\n - net: phy: marvell10g: fix NULL pointer dereference\n (git-fixes).\n\n - net: phy: marvell10g: fix temperature sensor on 2110\n (git-fixes).\n\n - net: phy: read MII_CTRL1000 in genphy_read_status only\n if needed (git-fixes).\n\n - net: qca_spi: fix receive buffer size check (git-fixes).\n\n - net: qca_spi: Move reset_count to struct qcaspi\n (git-fixes).\n\n - net: qede: fix PTP initialization on recovery\n (git-fixes).\n\n - net: qede: fix use-after-free on recovery and AER\n handling (git-fixes).\n\n - net: qede: stop adding events on an already destroyed\n workqueue (git-fixes).\n\n - net: qed: fix async event callbacks unregistering\n (git-fixes).\n\n - net: qed: fix excessive QM ILT lines consumption\n (git-fixes).\n\n - net: qed: fix 'maybe uninitialized' warning (git-fixes).\n\n - net: qed: fix NVMe login fails over VFs (git-fixes).\n\n - net: qed: RDMA personality shouldn't fail VF load\n (git-fixes).\n\n - net: re-solve some conflicts after net -> net-next merge\n (bsc#1176855 ltc#187293).\n\n - net: rmnet: do not allow to add multiple bridge\n interfaces (git-fixes).\n\n - net: rmnet: do not allow to change mux id if mux id is\n duplicated (git-fixes).\n\n - net: rmnet: fix bridge mode bugs (git-fixes).\n\n - net: rmnet: fix lower interface leak (git-fixes).\n\n - net: rmnet: fix NULL pointer dereference in\n rmnet_changelink() (git-fixes).\n\n - net: rmnet: fix NULL pointer dereference in\n rmnet_newlink() (git-fixes).\n\n - net: rmnet: fix packet forwarding in rmnet bridge mode\n (git-fixes).\n\n - net: rmnet: fix suspicious RCU usage (git-fixes).\n\n - net: rmnet: print error message when command fails\n (git-fixes).\n\n - net: rmnet: remove rcu_read_lock in\n rmnet_force_unassociate_device() (git-fixes).\n\n - net: rmnet: use upper/lower device infrastructure\n (git-fixes).\n\n - net, sctp, filter: remap copy_from_user failure error\n (bsc#1181637).\n\n 
- net: smc91x: Fix possible memory leak in smc_drv_probe()\n (git-fixes).\n\n - net/sonic: Add mutual exclusion for accessing shared\n state (git-fixes).\n\n - net: stmmac: 16KB buffer must be 16 byte aligned\n (git-fixes).\n\n - net: stmmac: Always arm TX Timer at end of transmission\n start (git-fixes).\n\n - net: stmmac: Do not accept invalid MTU values\n (git-fixes).\n\n - net: stmmac: dwmac-sunxi: Provide TX and RX fifo sizes\n (git-fixes).\n\n - net: stmmac: Enable 16KB buffer size (git-fixes).\n\n - net: stmmac: fix disabling flexible PPS output\n (git-fixes).\n\n - net: stmmac: fix length of PTP clock's name string\n (git-fixes).\n\n - net: stmmac: Fix the TX IOC in xmit path (git-fixes).\n\n - net: stmmac: RX buffer size must be 16 byte aligned\n (git-fixes).\n\n - net: stmmac: selftests: Flow Control test can also run\n with ASYM Pause (git-fixes).\n\n - net: stmmac: selftests: Needs to check the number of\n Multicast regs (git-fixes).\n\n - net: stmmac: xgmac: Clear previous RX buffer size\n (git-fixes).\n\n - net: sun: fix missing release regions in cas_init_one()\n (git-fixes).\n\n - net: team: fix memory leak in __team_options_register\n (git-fixes).\n\n - net: thunderx: initialize VF's mailbox mutex before\n first usage (git-fixes).\n\n - net: usb: qmi_wwan: added support for Thales Cinterion\n PLSx3 modem family (git-fixes).\n\n - net: usb: qmi_wwan: Adding support for Cinterion MV31\n (git-fixes).\n\n - nvme-hwmon: rework to avoid devm allocation\n (bsc#1177326).\n\n - nvme-multipath: Early exit if no path is available\n (bsc#1180964).\n\n - nvme: re-read ANA log on NS CHANGED AEN (bsc#1179137).\n\n - nvmet-tcp: Fix NULL dereference when a connect data\n comes in h2cdata pdu (bsc#1182547).\n\n - objtool: Do not fail on missing symbol table\n (bsc#1169514).\n\n - perf/x86/intel/uncore: Factor out\n uncore_pci_find_dev_pmu() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out\n uncore_pci_get_dev_die_info() (bsc#1180989).\n\n - 
perf/x86/intel/uncore: Factor out\n uncore_pci_pmu_register() (bsc#1180989).\n\n - perf/x86/intel/uncore: Factor out\n uncore_pci_pmu_unregister() (bsc#1180989).\n\n - perf/x86/intel/uncore: Generic support for the PCI sub\n driver (bsc#1180989).\n\n - perf/x86/intel/uncore: Store the logical die id instead\n of the physical die id (bsc#1180989).\n\n - perf/x86/intel/uncore: With > 8 nodes, get pci bus die\n id from NUMA info (bsc#1180989).\n\n - phy: cpcap-usb: Fix warning for missing\n regulator_disable (git-fixes).\n\n - phy: rockchip-emmc: emmc_phy_init() always return 0\n (git-fixes).\n\n - platform/x86: hp-wmi: Disable tablet-mode reporting by\n default (git-fixes).\n\n - platform/x86: intel-vbtn: Support for tablet mode on\n Dell Inspiron 7352 (git-fixes).\n\n - platform/x86: touchscreen_dmi: Add swap-x-y quirk for\n Goodix touchscreen on Estar Beauty HD tablet\n (git-fixes).\n\n - powerpc/book3s64/hash: Add cond_resched to avoid soft\n lockup warning (bsc#1182571 ltc#191345).\n\n - powerpc/boot: Delete unneeded .globl _zimage_start\n (bsc#1156395).\n\n - powerpc: Fix alignment bug within the init sections\n (bsc#1065729).\n\n - powerpc/fpu: Drop cvt_fd() and cvt_df() (bsc#1156395).\n\n - powerpc/hvcall: add token and codes for H_VASI_SIGNAL\n (bsc#1181674 ltc#189159).\n\n - powerpc: kABI: add back suspend_disable_cpu in\n machdep_calls (bsc#1181674 ltc#189159).\n\n - powerpc/machdep: remove suspend_disable_cpu()\n (bsc#1181674 ltc#189159).\n\n - powerpc/mm/pkeys: Make pkey access check work on\n execute_only_key (bsc#1181544 ltc#191080 git-fixes).\n\n - powerpc/numa: Fix build when CONFIG_NUMA=n (bsc#1132477\n ltc#175530).\n\n - powerpc/numa: make vphn_enabled, prrn_enabled flags\n const (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove ability to enable topology updates\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove arch_update_cpu_topology\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: Remove late request for home node\n associativity 
(bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove prrn_is_enabled() (bsc#1181674\n ltc#189159).\n\n - powerpc/numa: remove start/stop_topology_update()\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove timed_topology_update()\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology timer code\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology update code\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove unreachable topology workqueue code\n (bsc#1181674 ltc#189159).\n\n - powerpc/numa: remove vphn_enabled and prrn_enabled\n internal flags (bsc#1181674 ltc#189159).\n\n - powerpc/numa: stub out numa_update_cpu_topology()\n (bsc#1181674 ltc#189159).\n\n - powerpc/perf: Exclude kernel samples while counting\n events in user space (bsc#1065729).\n\n - powerpc/perf/hv-24x7: Dont create sysfs event files for\n dummy events (bsc#1182118 ltc#190624).\n\n - powerpc/pkeys: Avoid using lockless page table walk\n (bsc#1181544 ltc#191080).\n\n - powerpc/pkeys: Check vma before returning key fault\n error to the user (bsc#1181544 ltc#191080).\n\n - powerpc/powernv/memtrace: Do not leak kernel memory to\n user space (bsc#1156395).\n\n - powerpc/powernv/memtrace: Fix crashing the kernel when\n enabling concurrently (bsc#1156395).\n\n - powerpc/powernv/npu: Do not attempt NPU2 setup on\n POWER8NVL NPU (bsc#1156395).\n\n - powerpc/prom: Fix 'ibm,arch-vec-5-platform-support' scan\n (bsc#1182602 ltc#190924).\n\n - powerpc/pseries/dlpar: handle ibm, configure-connector\n delay status (bsc#1181985 ltc#188074).\n\n - powerpc/pseries: Do not enforce MSI affinity with kdump\n (bsc#1181655 ltc#190855).\n\n - powerpc/pseries/eeh: Make\n pseries_pcibios_bus_add_device() static (bsc#1078720,\n git-fixes).\n\n - powerpc/pseries: extract host bridge from pci_bus prior\n to bus removal (bsc#1182171 ltc#190900).\n\n - powerpc/pseries/hibernation: drop\n pseries_suspend_begin() from suspend ops (bsc#1181674\n ltc#189159).\n\n - 
powerpc/pseries/hibernation: pass stream id via function\n arguments (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: perform post-suspend fixups\n later (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: remove prepare_late()\n callback (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: remove\n pseries_suspend_cpu() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/hibernation: switch to\n rtas_ibm_suspend_me() (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: add missing break to default\n case (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: Add pr_debug() for device tree\n changes (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: do not error on absence of\n ibm, update-nodes (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: error message improvements\n (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: extract VASI session polling\n logic (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: refactor node lookup during DT\n update (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: retry partition suspend after\n error (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: Set pr_fmt() (bsc#1181674\n ltc#189159).\n\n - powerpc/pseries/mobility: signal suspend cancellation to\n platform (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: use rtas_activate_firmware()\n on resume (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/mobility: use stop_machine for\n join/suspend (bsc#1181674 ltc#189159).\n\n - powerpc/pseries/ras: Make init_ras_hotplug_IRQ() static\n (bsc#1065729. 
git-fixes).\n\n - powerpc/pseries: remove dlpar_cpu_readd() (bsc#1181674\n ltc#189159).\n\n - powerpc/pseries: remove memory 're-add' implementation\n (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove obsolete memory hotplug DT\n notifier code (bsc#1181674 ltc#189159).\n\n - powerpc/pseries: remove prrn special case from DT update\n path (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: add rtas_activate_firmware() (bsc#1181674\n ltc#189159).\n\n - powerpc/rtas: add rtas_ibm_suspend_me() (bsc#1181674\n ltc#189159).\n\n - powerpc/rtas: complete ibm,suspend-me status codes\n (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: dispatch partition migration requests to\n pseries (bsc#1181674 ltc#189159).\n\n - powerpc/rtasd: simplify handle_rtas_event(), emit\n message on events (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: prevent suspend-related sys_rtas use on LE\n (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove rtas_ibm_suspend_me_unsafe()\n (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove rtas_suspend_cpu() (bsc#1181674\n ltc#189159).\n\n - powerpc/rtas: remove unused rtas_suspend_last_cpu()\n (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: remove unused rtas_suspend_me_data\n (bsc#1181674 ltc#189159).\n\n - powerpc/rtas: rtas_ibm_suspend_me ->\n rtas_ibm_suspend_me_unsafe (bsc#1181674 ltc#189159).\n\n - power: reset: at91-sama5d2_shdwc: fix wkupdbc mask\n (git-fixes).\n\n - pseries/drmem: do not cache node id in drmem_lmb struct\n (bsc#1132477 ltc#175530).\n\n - pseries/hotplug-memory: hot-add: skip redundant LMB\n lookup (bsc#1132477 ltc#175530).\n\n - qed: fix error return code in qed_iwarp_ll2_start()\n (git-fixes).\n\n - qed: Fix race condition between scheduling and\n destroying the slowpath workqueue (git-fixes).\n\n - qed: Populate nvm-file attributes while reading nvm\n config partition (git-fixes).\n\n - qed: select CONFIG_CRC32 (git-fixes).\n\n - qlcnic: fix missing release in\n qlcnic_83xx_interrupt_test (git-fixes).\n\n - quota: Fix memory leak when 
handling corrupted quota\n file (bsc#1182650).\n\n - quota: Sanity-check quota file headers on load\n (bsc#1182461).\n\n - r8169: fix resuming from suspend on RTL8105e if machine\n runs on battery (git-fixes).\n\n - r8169: fix WoL on shutdown if CONFIG_DEBUG_SHIRQ is set\n (git-fixes).\n\n - rcu/nocb: Perform deferred wake up before last idle's\n (git-fixes)\n\n - rcu/nocb: Trigger self-IPI on late deferred wake up\n before (git-fixes)\n\n - rcu: Pull deferred rcuog wake up to rcu_eqs_enter()\n callers (git-fixes)\n\n - RDMA/efa: Add EFA 0xefa1 PCI ID (bsc#1176248).\n\n - RDMA/efa: Count admin commands errors (bsc#1176248).\n\n - RDMA/efa: Count mmap failures (bsc#1176248).\n\n - RDMA/efa: Do not delay freeing of DMA pages\n (bsc#1176248).\n\n - RDMA/efa: Drop double zeroing for sg_init_table()\n (bsc#1176248).\n\n - RDMA/efa: Expose maximum TX doorbell batch\n (bsc#1176248).\n\n - RDMA/efa: Expose minimum SQ size (bsc#1176248).\n\n - RDMA/efa: Fix setting of wrong bit in get/set_feature\n commands (bsc#1176248).\n\n - RDMA/efa: Properly document the interrupt mask register\n (bsc#1176248).\n\n - RDMA/efa: Remove redundant udata check from alloc\n ucontext response (bsc#1176248).\n\n - RDMA/efa: Report create CQ error counter (bsc#1176248).\n\n - RDMA/efa: Report host information to the device\n (bsc#1176248).\n\n - RDMA/efa: Unified getters/setters for device structs\n bitmask access (bsc#1176248).\n\n - RDMA/efa: Use in-kernel offsetofend() to check field\n availability (bsc#1176248).\n\n - RDMA/efa: User/kernel compatibility handshake mechanism\n (bsc#1176248).\n\n - RDMA/efa: Use the correct current and new states in\n modify QP (git-fixes).\n\n - regulator: axp20x: Fix reference cout leak (git-fixes).\n\n - regulator: core: Avoid debugfs: Directory ... already\n present! 
error (git-fixes).\n\n - regulator: core: avoid regulator_resolve_supply() race\n condition (git-fixes).\n\n - regulator: Fix lockdep warning resolving supplies\n (git-fixes).\n\n - regulator: s5m8767: Drop regulators OF node reference\n (git-fixes).\n\n - regulator: s5m8767: Fix reference count leak\n (git-fixes).\n\n - reiserfs: add check for an invalid ih_entry_count\n (bsc#1182462).\n\n - Remove debug patch for boot failure (bsc#1182602\n ltc#190924). \n\n - reset: hisilicon: correct vendor prefix (git-fixes).\n\n - Revert 'ibmvnic: remove never executed if statement'\n (jsc#SLE-17043 bsc#1179243 ltc#189290).\n\n - Revert 'net: bcmgenet: remove unused function in\n bcmgenet.c' (git-fixes).\n\n - Revert 'platform/x86: ideapad-laptop: Switch touchpad\n attribute to be RO' (git-fixes).\n\n - Revert 'RDMA/mlx5: Fix devlink deadlock on net namespace\n deletion' (jsc#SLE-8464).\n\n - rpm/kernel-subpackage-build: Workaround broken bot\n (https://github.com/openSUSE/openSUSE-release-tools/issues/2439)\n\n - rpm/post.sh: Avoid purge-kernel for the first installed\n kernel (bsc#1180058)\n\n - rtc: s5m: select REGMAP_I2C (git-fixes).\n\n - rxrpc: Fix memory leak in rxrpc_lookup_local\n (bsc#1154353 bnc#1151927 5.3.9).\n\n - s390/vfio-ap: clean up vfio_ap resources when KVM\n pointer invalidated (git-fixes).\n\n - s390/vfio-ap: No need to disable IRQ after queue reset\n (git-fixes).\n\n - sched: Reenable interrupts in do_sched_yield()\n (git-fixes)\n\n - scsi: lpfc: Fix EEH encountering oops with NVMe traffic\n (bsc#1181958).\n\n - sh_eth: check sh_eth_cpu_data::cexcr when dumping\n registers (git-fixes).\n\n - sh_eth: check sh_eth_cpu_data::no_tx_cntrs when dumping\n registers (git-fixes).\n\n - sh_eth: check sh_eth_cpu_data::no_xdfar when dumping\n registers (git-fixes).\n\n - smp: Add source and destination CPUs to\n __call_single_data (bsc#1180846).\n\n - smsc95xx: avoid memory leak in smsc95xx_bind\n (git-fixes).\n\n - smsc95xx: check return value of 
smsc95xx_reset\n (git-fixes).\n\n - soc: aspeed: snoop: Add clock control logic (git-fixes).\n\n - spi: atmel: Put allocated master before return\n (git-fixes).\n\n - spi: pxa2xx: Fix the controller numbering for Wildcat\n Point (git-fixes).\n\n - spi: spi-synquacer: fix set_cs handling (git-fixes).\n\n - spi: stm32: properly handle 0 byte transfer (git-fixes).\n\n - squashfs: add more sanity checks in id lookup (git-fixes\n bsc#1182266).\n\n - squashfs: add more sanity checks in inode lookup\n (git-fixes bsc#1182267).\n\n - squashfs: add more sanity checks in xattr id lookup\n (git-fixes bsc#1182268).\n\n - staging: rtl8723bs: wifi_regd.c: Fix incorrect number of\n regulatory rules (git-fixes).\n\n - target: disallow emulate_legacy_capacity with RBD\n object-map (bsc#1177109).\n\n - team: set dev->needed_headroom in team_setup_by_port()\n (git-fixes).\n\n - tpm: Remove tpm_dev_wq_lock (git-fixes).\n\n - tpm_tis: Clean up locality release (git-fixes).\n\n - tpm_tis: Fix check_locality for correct locality\n acquisition (git-fixes).\n\n - tracing: Check length before giving out the filter\n buffer (git-fixes).\n\n - tracing: Do not count ftrace events in top level enable\n output (git-fixes).\n\n - tracing/kprobe: Fix to support kretprobe events on\n unloaded modules (git-fixes).\n\n - tracing/kprobes: Do the notrace functions check without\n kprobes on ftrace (git-fixes).\n\n - tun: fix return value when the number of iovs exceeds\n MAX_SKB_FRAGS (git-fixes).\n\n - ubifs: Fix error return code in\n ubifs_init_authentication() (bsc#1182459).\n\n - ubifs: Fix ubifs_tnc_lookup() usage in do_kill_orphans()\n (bsc#1182454).\n\n - ubifs: prevent creating duplicate encrypted filenames\n (bsc#1182457).\n\n - ubifs: ubifs_add_orphan: Fix a memory leak bug\n (bsc#1182456).\n\n - ubifs: ubifs_jnl_write_inode: Fix a memory leak bug\n (bsc#1182455). 
\n\n - ubifs: wbuf: Do not leak kernel memory to flash\n (bsc#1182458).\n\n - Update config files: activate CONFIG_CSD_LOCK_WAIT_DEBUG\n for x86 (bsc#1180846).\n\n - Update config files: armv7hl: Set ledtrig-default-on as\n builtin (bsc#1182128)\n\n - Update config files: Set ledtrig-default-on as builtin\n (bsc#1182128)\n\n - USB: dwc2: Abort transaction after errors with unknown\n reason (git-fixes).\n\n - USB: dwc2: Fix endpoint direction check in\n ep_from_windex (git-fixes).\n\n - USB: dwc2: Make 'trimming xfer length' a debug message\n (git-fixes).\n\n - USB: dwc3: fix clock issue during resume in OTG mode\n (git-fixes).\n\n - USB: gadget: legacy: fix an error code in eth_bind()\n (git-fixes).\n\n - USB: gadget: u_audio: Free requests only after callback\n (git-fixes).\n\n - USB: musb: Fix runtime PM race in musb_queue_resume_work\n (git-fixes).\n\n - USB: quirks: add quirk to start video capture on ELMO\n L-12F document camera reliable (git-fixes).\n\n - USB: quirks: sort quirk entries (git-fixes).\n\n - USB: renesas_usbhs: Clear pipe running flag in\n usbhs_pkt_pop() (git-fixes).\n\n - USB: serial: cp210x: add new VID/PID for supporting\n Teraoka AD2000 (git-fixes).\n\n - USB: serial: cp210x: add pid/vid for WSDA-200-USB\n (git-fixes).\n\n - USB: serial: mos7720: fix error code in mos7720_write()\n (git-fixes).\n\n - USB: serial: mos7720: improve OOM-handling in\n read_mos_reg() (git-fixes).\n\n - USB: serial: mos7840: fix error code in mos7840_write()\n (git-fixes).\n\n - USB: serial: option: Adding support for Cinterion MV31\n (git-fixes).\n\n - USB: usblp: do not call usb_set_interface if there's a\n single alt (git-fixes).\n\n - veth: Adjust hard_start offset on redirect XDP frames\n (git-fixes).\n\n - vfs: Convert squashfs to use the new mount API\n (git-fixes bsc#1182265).\n\n - virtio_net: Fix error code in probe() (git-fixes).\n\n - virtio_net: Fix recursive call to cpus_read_lock()\n (git-fixes).\n\n - virtio_net: Keep vnet header zeroed if XDP is 
loaded for\n small buffer (git-fixes).\n\n - virt: vbox: Do not use wait_event_interruptible when\n called from kernel context (git-fixes).\n\n - vmxnet3: Remove buf_info from device accessible\n structures (bsc#1181671).\n\n - vxlan: fix memleak of fdb (git-fixes).\n\n - wext: fix NULL-ptr-dereference with cfg80211's lack of\n commit() (git-fixes).\n\n - writeback: Drop I_DIRTY_TIME_EXPIRE (bsc#1182460).\n\n - x86/alternatives: Sync bp_patching update for avoiding\n NULL pointer exception (bsc#1152489).\n\n - x86/apic: Add extra serialization for non-serializing\n MSRs (bsc#1152489).\n\n - x86/apic: Support 15 bits of APIC ID in IOAPIC/MSI where\n available (bsc#1181259, jsc#ECO-3191).\n\n - x86/ioapic: Handle Extended Destination ID field in RTE\n (bsc#1181259, jsc#ECO-3191).\n\n - x86/kvm: Add KVM_FEATURE_MSI_EXT_DEST_ID (bsc#1181259,\n jsc#ECO-3191).\n\n - x86/kvm: Reserve KVM_FEATURE_MSI_EXT_DEST_ID\n (bsc#1181259 jsc#ECO-3191).\n\n - x86/msi: Only use high bits of MSI address for DMAR unit\n (bsc#1181259, jsc#ECO-3191).\n\n - xen/netback: avoid race in\n xenvif_rx_ring_slots_available() (bsc#1065600).\n\n - xen/netback: fix spurious event detection for common\n event case (bsc#1182175).\n\n - xfs: ensure inobt record walks always make forward\n progress (git-fixes bsc#1182272).\n\n - xfs: fix an ABBA deadlock in xfs_rename (git-fixes\n bsc#1182558).\n\n - xfs: fix parent pointer scrubber bailing out on\n unallocated inodes (git-fixes bsc#1182276).\n\n - xfs: fix the forward progress assertion in\n xfs_iwalk_run_callbacks (git-fixes bsc#1182430).\n\n - xfs: fix the minrecs logic when dealing with inode root\n child blocks (git-fixes bsc#1182273).\n\n - xfs: ratelimit xfs_discard_page messages (bsc#1182283).\n\n - xfs: reduce quota reservation when doing a dax unwritten\n extent conversion (git-fixes bsc#1182561).\n\n - xfs: return corresponding errcode if\n xfs_initialize_perag() fail (git-fixes bsc#1182275).\n\n - xfs: scrub should mark a directory corrupt if 
any\n entries cannot be iget'd (git-fixes bsc#1182278).\n\n - xfs: strengthen rmap record flags checking (git-fixes\n bsc#1182271).\n\n - xhci: fix bounce buffer usage for non-sg list case\n (git-fixes).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1078720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1081134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1084610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1132477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1151927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1163776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1170442\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1177529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1179929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180989\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182272\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182446\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182490\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182697\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182798\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1182856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/openSUSE/openSUSE-release-tools/issues/2439\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux Kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-base-rebuild\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-docs-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-kvmsmall-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-obs-qa\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-source-vanilla\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-debugsource-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-debug-devel-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-5.3.18-lp152.66.2.lp152.8.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-base-rebuild-5.3.18-lp152.66.2.lp152.8.23.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-debugsource-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-default-devel-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-default-devel-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-devel-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-docs-html-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-debugsource-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-kvmsmall-devel-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-macros-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-build-debugsource-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-obs-qa-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-debugsource-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-source-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", 
reference:\"kernel-source-vanilla-5.3.18-lp152.66.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"kernel-syms-5.3.18-lp152.66.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-debug / kernel-debug-debuginfo / kernel-debug-debugsource / etc\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:03:23", "description": "The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). 
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).\n\nCVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).\n\nCVE-2020-12364: Fixed a NULL pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736).\n\nCVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).\n\nCVE-2020-29368, CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0735-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12373", "CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt", "p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt", "p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt", "p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt-devel", "p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel", "p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0735-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147591", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0735-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147591);\n script_version(\"1.3\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-12373\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2021:0735-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel RT was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747). 
by remote attackers to read or write\nfiles via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-12362: Fixed an integer overflow in the firmware which may\nhave allowed a privileged user to potentially enable an escalation of\nprivilege via local access (bsc#1181720).\n\nCVE-2020-12363: Fixed an improper input validation which may have\nallowed a privileged user to potentially enable a denial of service\nvia local access (bsc#1181735).\n\nCVE-2020-12364: Fixed a NULL pointer reference which may have allowed\na privileged user to potentially enable a denial of service via local\naccess (bsc#1181736 ).\n\nCVE-2020-12373: Fixed an expired pointer dereference which may have\nallowed a privileged user to potentially enable a denial of service\nvia local access (bsc#1181738).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180989\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181637\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182047\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182272\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182374\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182458\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182490\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182602\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182800\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12362/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12373/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210735-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00896749\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Realtime 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-RT-15-SP2-2021-735=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-rt_debug-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"cluster-md-kmp-rt-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"dlm-kmp-rt-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"gfs2-kmp-rt-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-debugsource-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt-devel-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-debugsource-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-rt_debug-devel-debuginfo-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-syms-rt-5.3.18-28.1\")) flag++;\nif 
(rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-5.3.18-28.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"ocfs2-kmp-rt-debuginfo-5.3.18-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:06:48", "description": "The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747). 
by remote attackers to read or write files via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-12362: Fixed an integer overflow in the firmware which may have allowed a privileged user to potentially enable an escalation of privilege via local access (bsc#1181720).\n\nCVE-2020-12363: Fixed an improper input validation which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181735).\n\nCVE-2020-12364: Fixed a NULL pointer reference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181736 ).\n\nCVE-2020-12373: Fixed an expired pointer dereference which may have allowed a privileged user to potentially enable a denial of service via local access (bsc#1181738).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0741-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12373", "CVE-2020-29368", "CVE-2020-29374", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0741-1.NASL", "href": "https://www.tenable.com/plugins/nessus/147579", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0741-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147579);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n 
\"CVE-2020-12362\",\n \"CVE-2020-12363\",\n \"CVE-2020-12364\",\n \"CVE-2020-12373\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\"\n );\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : kernel (SUSE-SU-2021:0741-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747). by remote attackers to read or write\nfiles via directory traversal in an XCOPY request (bsc#178372).\n\nCVE-2020-12362: Fixed an integer overflow in the firmware which may\nhave allowed a privileged user to potentially enable an escalation of\nprivilege via local access (bsc#1181720).\n\nCVE-2020-12363: Fixed an improper input validation which may have\nallowed a privileged user to potentially enable a denial of service\nvia local access (bsc#1181735).\n\nCVE-2020-12364: Fixed a NULL pointer reference which may have allowed\na privileged user to potentially enable a denial of service via local\naccess (bsc#1181736 ).\n\nCVE-2020-12373: Fixed an expired pointer dereference which may have\nallowed a privileged user to potentially enable a denial of service\nvia local access (bsc#1181738).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nThe update package also includes 
non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1078720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1081134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1084610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1151927\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152472\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1155518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1156395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163776\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169514\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1170442\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177326\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1177529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178142\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179082\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179929\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180058\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180964\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180989\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181671\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181710\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181735\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181738\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181818\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181854\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181958\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181985\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182047\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182259\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182266\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182268\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182271\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182272\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182275\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182276\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182406\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182430\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182439\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182441\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182443\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182445\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182446\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182447\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182449\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182456\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182458\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182461\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182463\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182464\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182466\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182490\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182560\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182561\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182672\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182676\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182684\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182798\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182800\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182856\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12362/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-12373/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210741-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a293bd0\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE MicroOS 5.0 :\n\nzypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-741=1\n\nSUSE Linux Enterprise Workstation Extension 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-741=1\n\nSUSE Linux Enterprise Module for Live Patching 15-SP2 :\n\nzypper in -t patch 
SUSE-SLE-Module-Live-Patching-15-SP2-2021-741=1\n\nSUSE Linux Enterprise Module for Legacy Software 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Legacy-15-SP2-2021-741=1\n\nSUSE Linux Enterprise Module for Development Tools 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP2-2021-741=1\n\nSUSE Linux Enterprise Module for Basesystem 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-741=1\n\nSUSE Linux Enterprise High Availability 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Product-HA-15-SP2-2021-741=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-29368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-26930\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.52.1.9.24.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"reiserfs-kmp-default-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", 
reference:\"kernel-preempt-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-debugsource-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", cpu:\"x86_64\", reference:\"kernel-preempt-devel-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-base-5.3.18-24.52.1.9.24.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-debugsource-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-default-devel-debuginfo-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-obs-build-debugsource-5.3.18-24.52.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"2\", reference:\"kernel-syms-5.3.18-24.52.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:55:22", "description": "Several vulnerabilities have been discovered in the Linux kernel that 
may lead to the execution of arbitrary code, privilege escalation, denial of service, or information leaks.\n\nCVE-2020-27170, CVE-2020-27171\n\nPiotr Krysiuk discovered flaws in the BPF subsystem's checks for information leaks through speculative execution. A local user could use these to obtain sensitive information from kernel memory.\n\nCVE-2021-3348\n\nADlab of venustech discovered a race condition in the nbd block driver that can lead to a use-after-free. A local user with access to an nbd block device could use this to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4 filesystem driver. A user permitted to mount arbitrary filesystem images could use this to cause a denial of service (crash).\n\nCVE-2021-26930 (XSA-365)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H.\nSchönherr discovered that the Xen block backend driver (xen-blkback) did not handle grant mapping errors correctly. A malicious guest could exploit this bug to cause a denial of service (crash), or possibly an information leak or privilege escalation, within the domain running the backend, which is typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)\n\nJan Beulich discovered that the Xen support code and various Xen backend drivers did not handle grant mapping errors correctly. A malicious guest could exploit these bugs to cause a denial of service (crash) within the domain running the backend, which is typically dom0.\n\nCVE-2021-27363\n\nAdam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to transport handle attributes in sysfs. 
On a system acting as an iSCSI initiator, this is an information leak to local users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\nAdam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to cause a denial of service (disconnection of storage) or possibly for privilege escalation.\n\nCVE-2021-27365\n\nAdam Nichols reported that the iSCSI initiator subsystem did not correctly limit the lengths of parameters or 'passthrough PDUs' sent through its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to leak the contents of kernel memory, to cause a denial of service (kernel memory corruption or crash), and probably for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly limit the length of SSIDs copied into scan results. An attacker within WiFi range could use this to cause a denial of service (crash or memory corruption) or possibly to execute code on a vulnerable system.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.19.181-1~deb9u1. This update additionally fixes Debian bug #983595, and includes many more bug fixes from stable updates 4.19.172-4.19.181 inclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its security tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-31T00:00:00", "type": "nessus", "title": "Debian DLA-2610-1 : linux-4.19 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-27170", "CVE-2020-27171", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-3348", "CVE-2021-3428"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-4.19", "p-cpe:/a:debian:debian_linux:linux-doc-4.19", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae", 
"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp", 
"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.19", "p-cpe:/a:debian:debian_linux:linux-perf-4.19", "p-cpe:/a:debian:debian_linux:linux-source-4.19", "p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2610.NASL", "href": "https://www.tenable.com/plugins/nessus/148254", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2610-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148254);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/02\");\n\n script_cve_id(\"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-3348\", \"CVE-2021-3428\");\n\n script_name(english:\"Debian DLA-2610-1 : linux-4.19 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to the execution of arbitrary code, privilege escalation,\ndenial of service, or information leaks.\n\nCVE-2020-27170, CVE-2020-27171\n\nPiotr Krysiuk discovered flaws in the BPF subsystem's checks for\ninformation leaks through speculative execution. A local user could\nuse these to obtain sensitive information from kernel memory.\n\nCVE-2021-3348\n\nADlab of venustech discovered a race condition in the nbd block driver\nthat can lead to a use-after-free. 
A local user with access to an nbd\nblock device could use this to cause a denial of service (crash or\nmemory corruption) or possibly for privilege escalation.\n\nCVE-2021-3428\n\nWolfgang Frisch reported a potential integer overflow in the ext4\nfilesystem driver. A user permitted to mount arbitrary filesystem\nimages could use this to cause a denial of service (crash).\n\nCVE-2021-26930 (XSA-365)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H.\nSchönherr discovered that the Xen block backend driver\n(xen-blkback) did not handle grant mapping errors correctly. A\nmalicious guest could exploit this bug to cause a denial of service\n(crash), or possibly an information leak or privilege escalation,\nwithin the domain running the backend, which is typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038\n(XSA-367)\n\nJan Beulich discovered that the Xen support code and various Xen\nbackend drivers did not handle grant mapping errors correctly. A\nmalicious guest could exploit these bugs to cause a denial of service\n(crash) within the domain running the backend, which is typically\ndom0.\n\nCVE-2021-27363\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to transport handle attributes in sysfs. On a\nsystem acting as an iSCSI initiator, this is an information leak to\nlocal users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to its netlink management interface. On a\nsystem acting as an iSCSI initiator, a local user could use these to\ncause a denial of service (disconnection of storage) or possibly for\nprivilege escalation.\n\nCVE-2021-27365\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\ncorrectly limit the lengths of parameters or 'passthrough PDUs' sent\nthrough its netlink management interface. 
On a system acting as an\niSCSI initiator, a local user could use these to leak the contents of\nkernel memory, to cause a denial of service (kernel memory corruption\nor crash), and probably for privilege escalation.\n\nCVE-2021-28660\n\nIt was discovered that the rtl8188eu WiFi driver did not correctly\nlimit the length of SSIDs copied into scan results. An attacker within\nWiFi range could use this to cause a denial of service (crash or\nmemory corruption) or possibly to execute code on a vulnerable system.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.19.181-1~deb9u1. This update additionally fixes Debian bug #983595,\nand includes many more bug fixes from stable updates 4.19.172-4.19.181\ninclusive.\n\nWe recommend that you upgrade your linux-4.19 packages.\n\nFor the detailed security status of linux-4.19 please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/linux-4.19\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux-4.19\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux-4.19\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.19\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.19.0-0.bpo.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"linux-config-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armel\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-armhf\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-all-i386\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.19.0-0.bpo.10-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-common-rt\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-marvell\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rpi\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-686-pae-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.19.0-0.bpo.10-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-amd64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-arm64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-armmp-lpae-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-cloud-amd64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-marvell-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rpi-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-686-pae-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-amd64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-arm64-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.19.0-0.bpo.10-rt-armmp-dbg\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.19\", reference:\"4.19.181-1~deb9u1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.19.0-0.bpo.10\", reference:\"4.19.181-1~deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:38:28", "description": "According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. 
Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. 
There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. 
(CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2022-1607)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22600", "CVE-2021-26932", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-32078", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4157", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-05-05T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-1607.NASL", "href": "https://www.tenable.com/plugins/nessus/160617", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160617);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/05\");\n\n script_cve_id(\n \"CVE-2021-4155\",\n \"CVE-2021-4157\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22600\",\n \"CVE-2021-26932\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-32078\",\n \"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2022-1607)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security 
updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel\n through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to\n element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). 
A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). 
(CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1607\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eebfd9a3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"kernel-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 
\"kernel\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:33:06", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the affected versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c. (CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] 
Xen offers the ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'. Running PV backends in driver domains has one primary security advantage: if a driver domain gets compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain could try to attack other guests via sending events at a high frequency leading to a Denial of Service in the guest due to trying to service interrupts for elongated amounts of time. There are three affected backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-150694665. References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). 
A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces subsystem was found in the way users have access to some less privileged processes that are controlled by cgroups and have a higher privileged parent process. It affects both the cgroup2 and cgroup1 versions of control groups. A local user could use this flaw to crash the system or escalate their privileges on the system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. (CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DoS). 
(CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1429)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22600", "CVE-2021-26932", "CVE-2021-28711", "CVE-2021-28712", "CVE-2021-28713", "CVE-2021-32078", "CVE-2021-39633", "CVE-2021-39685", "CVE-2021-4155", "CVE-2021-4157", "CVE-2021-4159", "CVE-2021-4197", "CVE-2021-4203", "CVE-2021-44733", "CVE-2021-45485", "CVE-2021-45486", "CVE-2022-0322", "CVE-2022-0330", "CVE-2022-22942"], "modified": "2022-04-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kernel", "p-cpe:/a:huawei:euleros:kernel-tools", "p-cpe:/a:huawei:euleros:kernel-tools-libs", "p-cpe:/a:huawei:euleros:python3-perf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1429.NASL", "href": "https://www.tenable.com/plugins/nessus/159815", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159815);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/18\");\n\n script_cve_id(\n \"CVE-2021-4155\",\n \"CVE-2021-4157\",\n \"CVE-2021-4159\",\n \"CVE-2021-4197\",\n \"CVE-2021-4203\",\n \"CVE-2021-22600\",\n \"CVE-2021-26932\",\n \"CVE-2021-28711\",\n \"CVE-2021-28712\",\n \"CVE-2021-28713\",\n \"CVE-2021-32078\",\n 
\"CVE-2021-39633\",\n \"CVE-2021-39685\",\n \"CVE-2021-44733\",\n \"CVE-2021-45485\",\n \"CVE-2021-45486\",\n \"CVE-2022-0322\",\n \"CVE-2022-0330\",\n \"CVE-2022-22942\"\n );\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/02\");\n\n script_name(english:\"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2022-1429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through\n crafted syscalls to escalate privileges or deny service. We recommend upgrading kernel past the effected\n versions or rebuilding past ec6af094ea28f0f2dda1a6a33b14cd57e36a9755 (CVE-2021-22600)\n\n - An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations\n often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success\n or failure of each one is reported to the backend driver, and the backend driver then loops over the\n results, performing follow-up actions based on the success or failure of each operation. Unfortunately,\n when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively\n implying their success from the success of related batch elements. In other cases, errors resulting from\n one batch element lead to further batch elements not being inspected, and hence successful ones to not be\n possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are\n vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and\n drivers/xen/gntdev.c. 
(CVE-2021-26932)\n\n - Rogue backends can cause DoS of guests via high frequency events T[his CNA information record relates to\n multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen offers the\n ability to run PV backends in regular unprivileged guests, typically referred to as 'driver domains'.\n Running PV backends in driver domains has one primary security advantage: if a driver domain gets\n compromised, it doesn't have the privileges to take over the system. However, a malicious driver domain\n could try to attack other guests via sending events at a high frequency leading to a Denial of Service in\n the guest due to trying to service interrupts for elongated amounts of time. There are three affected\n backends: * blkfront patch 1, CVE-2021-28711 * netfront patch 2, CVE-2021-28712 * hvc_xen (console) patch\n 3, CVE-2021-28713 (CVE-2021-28711, CVE-2021-28712, CVE-2021-28713)\n\n - An Out-of-Bounds Read was discovered in arch/arm/mach-footbridge/personal-pci.c in the Linux kernel\n through 5.12.11 because of the lack of a check for a value that shouldn't be negative, e.g., access to\n element -2 of an array, aka CID-298a58e165e4. (CVE-2021-32078)\n\n - In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access. This\n could lead to local information disclosure with no additional execution privileges needed. User\n interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID:\n A-150694665References: Upstream kernel (CVE-2021-39633)\n\n - In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an\n incorrect flag check. This could lead to local escalation of privilege with no additional execution\n privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-210292376References: Upstream kernel (CVE-2021-39685)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - An unprivileged write to the file handler flaw in the Linux kernel's control groups and namespaces\n subsystem was found in the way users have access to some less privileged process that are controlled by\n cgroups and have higher privileged parent process. It is actually both for cgroup2 and cgroup1 versions of\n control groups. A local user could use this flaw to crash the system or escalate their privileges on the\n system. (CVE-2021-4197)\n\n - A use-after-free read flaw was found in sock_getsockopt() in net/core/sock.c due to SO_PEERCRED and\n SO_PEERGROUPS race with listen() (and connect()) in the Linux kernel. In this flaw, an attacker with a\n user privileges may crash the system or leak internal kernel information. (CVE-2021-4203)\n\n - A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11.\n This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory\n object. (CVE-2021-44733)\n\n - In the IPv6 implementation in the Linux kernel before 5.13.3, net/ipv6/output_core.c has an information\n leak because of certain use of a hash table which, although big, doesn't properly consider that IPv6-based\n attackers can typically choose among many IPv6 source addresses. (CVE-2021-45485)\n\n - In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak\n because the hash table is very small. 
(CVE-2021-45486)\n\n - A flaw was found in the sctp_make_strreset_req function in net/sctp/sm_make_chunk.c in the SCTP network\n protocol in the Linux kernel with a local user privilege access. In this flaw, an attempt to use more\n buffer than is allocated triggers a BUG_ON issue, leading to a denial of service (DOS). (CVE-2022-0322)\n\n - A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the\n way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or\n escalate their privileges on the system. (CVE-2022-0330)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1429\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1420e1b9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n 
\"kernel-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"kernel-tools-libs-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\",\n \"python3-perf-4.19.90-vhulk2103.1.0.h693.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2022-05-13T15:09:41", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\nCVE-2019-19318, CVE-2019-19813, CVE-2019-19816\n\n'Team bobfuzzer' reported bugs in Btrfs that could lead to a use-after-free or heap buffer overflow, and could be triggered by crafted filesystem images. A user permitted to mount and access arbitrary filesystems could use these to cause a denial of service (crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local attacker with the ability to set extended attributes to cause a denial of service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring buffer resizing logic due to a race condition, which could result in denial of service or information leak.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation performed insufficient checking in certain XCOPY requests. 
An attacker with access to a LUN and knowledge of Unit Serial Number assignments can take advantage of this flaw to read and write to any LIO backstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can trigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free flaw which can be triggered by a block frontend in Linux blkback. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem which may allow a local attacker to mount a read-after-free attack against TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can result in a use-after-free. A local attacker can take advantage of this flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which could result in denial of service or the execution of arbitrary code via a long SSID value.\n\nCVE-2021-3178\n\n吴异 reported an information leak in the NFSv3 server. When only a subdirectory of a filesystem volume is exported, an NFS client listing the exported directory would obtain a file handle to the parent directory, allowing it to access files that were not meant to be exported.\n\nEven after this update, it is still possible for NFSv3 clients to guess valid file handles and access files outside an exported subdirectory, unless the 'subtree_check' export option is enabled. It is recommended that you do not use that option but only export whole filesystem volumes.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free during fault handling. 
An unprivileged user could use this flaw to crash the kernel (resulting in denial of service) or for privilege escalation.\n\nCVE-2021-26930 (XSA-365)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H. Schönherr discovered that the Xen block backend driver (xen-blkback) did not handle grant mapping errors correctly. A malicious guest could exploit this bug to cause a denial of service (crash), or possibly an information leak or privilege escalation, within the domain running the backend, which is typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038 (XSA-367)\n\nJan Beulich discovered that the Xen support code and various Xen backend drivers did not handle grant mapping errors correctly. A malicious guest could exploit these bugs to cause a denial of service (crash) within the domain running the backend, which is typically dom0.\n\nCVE-2021-27363\n\nAdam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to transport handle attributes in sysfs. On a system acting as an iSCSI initiator, this is an information leak to local users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\nAdam Nichols reported that the iSCSI initiator subsystem did not properly restrict access to its netlink management interface. On a system acting as an iSCSI initiator, a local user could use these to cause a denial of service (disconnection of storage) or possibly for privilege escalation.\n\nCVE-2021-27365\n\nAdam Nichols reported that the iSCSI initiator subsystem did not correctly limit the lengths of parameters or 'passthrough PDUs' sent through its netlink management interface. 
On a system acting as an iSCSI initiator, a local user could use these to leak the contents of kernel memory, to cause a denial of service (kernel memory corruption or crash), and probably for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version 4.9.258-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}, "published": "2021-03-10T00:00:00", "type": "nessus", "title": "Debian DLA-2586-1 : linux security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-19318", "CVE-2019-19813", "CVE-2019-19816", "CVE-2020-27815", "CVE-2020-27825", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-29661", "CVE-2020-36158", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-3178", "CVE-2021-3347"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:hyperv-daemons", "p-cpe:/a:debian:debian_linux:libcpupower-dev", "p-cpe:/a:debian:debian_linux:libcpupower1", "p-cpe:/a:debian:debian_linux:libusbip-dev", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390", "p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86", "p-cpe:/a:debian:debian_linux:linux-cpupower", "p-cpe:/a:debian:debian_linux:linux-doc-4.9", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta", 
"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686", 
"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x", "p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-4.9", "p-cpe:/a:debian:debian_linux:linux-libc-dev", "p-cpe:/a:debian:debian_linux:linux-manual-4.9", "p-cpe:/a:debian:debian_linux:linux-perf-4.9", "p-cpe:/a:debian:debian_linux:linux-source-4.9", "p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9", "p-cpe:/a:debian:debian_linux:usbip", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2586.NASL", "href": 
"https://www.tenable.com/plugins/nessus/147532", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2586-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(147532);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2019-19318\", \"CVE-2019-19813\", \"CVE-2019-19816\", \"CVE-2020-27815\", \"CVE-2020-27825\", \"CVE-2020-28374\", \"CVE-2020-29568\", \"CVE-2020-29569\", \"CVE-2020-29660\", \"CVE-2020-29661\", \"CVE-2020-36158\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-3178\", \"CVE-2021-3347\");\n\n script_name(english:\"Debian DLA-2586-1 : linux security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2019-19318, CVE-2019-19813, CVE-2019-19816\n\n'Team bobfuzzer' reported bugs in Btrfs that could lead to a\nuse-after-free or heap buffer overflow, and could be triggered by\ncrafted filesystem images. 
A user permitted to mount and access\narbitrary filesystems could use these to cause a denial of service\n(crash or memory corruption) or possibly for privilege escalation.\n\nCVE-2020-27815\n\nA flaw was reported in the JFS filesystem code allowing a local\nattacker with the ability to set extended attributes to cause a denial\nof service.\n\nCVE-2020-27825\n\nAdam 'pi3' Zabrocki reported a use-after-free flaw in the ftrace ring\nbuffer resizing logic due to a race condition, which could result in\ndenial of service or information leak.\n\nCVE-2020-28374\n\nDavid Disseldorp discovered that the LIO SCSI target implementation\nperformed insufficient checking in certain XCOPY requests. An attacker\nwith access to a LUN and knowledge of Unit Serial Number assignments\ncan take advantage of this flaw to read and write to any LIO\nbackstore, regardless of the SCSI transport settings.\n\nCVE-2020-29568 (XSA-349)\n\nMichael Kurth and Pawel Wieczorkiewicz reported that frontends can\ntrigger OOM in backends by updating a watched path.\n\nCVE-2020-29569 (XSA-350)\n\nOlivier Benjamin and Pawel Wieczorkiewicz reported a use-after-free\nflaw which can be triggered by a block frontend in Linux blkback. A\nmisbehaving guest can trigger a dom0 crash by continuously connecting\n/ disconnecting a block frontend.\n\nCVE-2020-29660\n\nJann Horn reported a locking inconsistency issue in the tty subsystem\nwhich may allow a local attacker to mount a read-after-free attack\nagainst TIOCGSID.\n\nCVE-2020-29661\n\nJann Horn reported a locking issue in the tty subsystem which can\nresult in a use-after-free. 
A local attacker can take advantage of\nthis flaw for memory corruption or privilege escalation.\n\nCVE-2020-36158\n\nA buffer overflow flaw was discovered in the mwifiex WiFi driver which\ncould result in denial of service or the execution of arbitrary code\nvia a long SSID value.\n\nCVE-2021-3178\n\n吴异 reported an information leak in the NFSv3 server.\nWhen only a subdirectory of a filesystem volume is exported, an NFS\nclient listing the exported directory would obtain a file handle to\nthe parent directory, allowing it to access files that were not meant\nto be exported.\n\nEven after this update, it is still possible for NFSv3\nclients to guess valid file handles and access files outside\nan exported subdirectory, unless the 'subtree_check' export\noption is enabled. It is recommended that you do not use\nthat option but only export whole filesystem volumes.\n\nCVE-2021-3347\n\nIt was discovered that PI futexes have a kernel stack use-after-free\nduring fault handling. An unprivileged user could use this flaw to\ncrash the kernel (resulting in denial of service) or for privilege\nescalation.\n\nCVE-2021-26930 (XSA-365)\n\nOlivier Benjamin, Norbert Manthey, Martin Mazein, and Jan H.\nSchönherr discovered that the Xen block backend driver\n(xen-blkback) did not handle grant mapping errors correctly. A\nmalicious guest could exploit this bug to cause a denial of service\n(crash), or possibly an information leak or privilege escalation,\nwithin the domain running the backend, which is typically dom0.\n\nCVE-2021-26931 (XSA-362), CVE-2021-26932 (XSA-361), CVE-2021-28038\n(XSA-367)\n\nJan Beulich discovered that the Xen support code and various Xen\nbackend drivers did not handle grant mapping errors correctly. 
A\nmalicious guest could exploit these bugs to cause a denial of service\n(crash) within the domain running the backend, which is typically\ndom0.\n\nCVE-2021-27363\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to transport handle attributes in sysfs. On a\nsystem acting as an iSCSI initiator, this is an information leak to\nlocal users and makes it easier to exploit CVE-2021-27364.\n\nCVE-2021-27364\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\nproperly restrict access to its netlink management interface. On a\nsystem acting as an iSCSI initiator, a local user could use these to\ncause a denial of service (disconnection of storage) or possibly for\nprivilege escalation.\n\nCVE-2021-27365\n\nAdam Nichols reported that the iSCSI initiator subsystem did not\ncorrectly limit the lengths of parameters or 'passthrough PDUs' sent\nthrough its netlink management interface. On a system acting as an\niSCSI initiator, a local user could use these to leak the contents of\nkernel memory, to cause a denial of service (kernel memory corruption\nor crash), and probably for privilege escalation.\n\nFor Debian 9 stretch, these problems have been fixed in version\n4.9.258-1.\n\nWe recommend that you upgrade your linux packages.\n\nFor the detailed security status of linux please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/linux\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2021/03/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/linux\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/linux\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-19816\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libusbip-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-6-x86\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-armhf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-i386\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mips64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-mipsel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-ppc64el\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-all-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-amd64\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4.9.0-9-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-manual-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-4.9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-4.9.0-9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"hyperv-daemons\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower-dev\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libcpupower1\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"libusbip-dev\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-arm\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-s390\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-compiler-gcc-6-x86\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-cpupower\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-doc-4.9\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-4kc-malta\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-5kc-malta\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-686-pae\", reference:\"4.9.258-1\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-amd64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-arm64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armel\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-armhf\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-i386\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mips64el\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-mipsel\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-ppc64el\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-all-s390x\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-amd64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-arm64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-armmp-lpae\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-common-rt\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-loongson-3\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"linux-headers-4.9.0-9-marvell\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-octeon\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-powerpc64le\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-686-pae\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-rt-amd64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-headers-4.9.0-9-s390x\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-4kc-malta-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-5kc-malta-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-686-pae-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-amd64-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-arm64-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp\", 
reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-armmp-lpae-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-loongson-3-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-marvell-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-octeon-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-powerpc64le-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-686-pae-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-rt-amd64-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-image-4.9.0-9-s390x-dbg\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-kbuild-4.9\", reference:\"4.9.258-1\")) flag++;\nif 
(deb_check(release:\"9.0\", prefix:\"linux-libc-dev\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-manual-4.9\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-perf-4.9\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-source-4.9\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"linux-support-4.9.0-9\", reference:\"4.9.258-1\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"usbip\", reference:\"4.9.258-1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T14:58:47", "description": "The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver 
from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in x25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: 
Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access because of a race condition in a THP mapcount check (bsc#1179660, bsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-29368", "CVE-2020-29374", "CVE-2020-35519", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-3428", "CVE-2021-3444"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-base", "p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-azure-debugsource", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1175-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148509", "sourceData": "#\n# (C) Tenable 
Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1175-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148509);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\n \"CVE-2020-0433\",\n \"CVE-2020-27170\",\n \"CVE-2020-27171\",\n \"CVE-2020-27815\",\n \"CVE-2020-29368\",\n \"CVE-2020-29374\",\n \"CVE-2020-35519\",\n \"CVE-2021-3428\",\n \"CVE-2021-3444\",\n \"CVE-2021-26930\",\n \"CVE-2021-26931\",\n \"CVE-2021-26932\",\n \"CVE-2021-27363\",\n \"CVE-2021-27364\",\n \"CVE-2021-27365\",\n \"CVE-2021-28038\",\n \"CVE-2021-28660\",\n \"CVE-2021-28688\",\n \"CVE-2021-28964\",\n \"CVE-2021-28971\",\n \"CVE-2021-28972\",\n \"CVE-2021-29264\",\n \"CVE-2021-29265\",\n \"CVE-2021-29647\"\n );\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1175-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive\nvarious security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring 
an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: 
Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\nbecause of a race condition in a THP mapcount check (bsc#1179660,\nbsc#1179428).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-0433/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27170/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27171/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-27815/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29368/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-29374/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-35519/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26930/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26931/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26932/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27363/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27364/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-27365/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28038/\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28660/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28688/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28964/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28971/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-28972/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29264/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29265/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-29647/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3428/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3444/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211175-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f99314b7\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1175=1\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-28972\");\n 
script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-3444\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! 
preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-base-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debuginfo-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-debugsource-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-azure-devel-4.12.14-16.50.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-syms-azure-4.12.14-16.50.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-18T14:41:00", "description": "The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not properly handle mod32 destination register truncation when the source register was known to be 0 leading to out of bounds read (bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent (bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have allowed attackers to obtain sensitive information from kernel memory because of a partially uninitialized data structure 
(bsc#1184192).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have allowed attackers to cause a denial of service due to race conditions during an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet driver which could have allowed attackers to cause a system crash due to a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could have caused a system crash because the PEBS status in a PEBS record was mishandled (bsc#1184196).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could have allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan (bsc#1183593).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was lacking necessary treatment of errors such as failed memory allocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a Netlink message that is associated with iSCSI, and has a length up to the maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink messages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used to determine the address of the iscsi_transport structure (bsc#1182716).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant mapping (XSA-361 bsc#1181747).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant mapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant mapping (XSA-365 
bsc#1181843).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access in x25_bind (bsc#1183696).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write implementation which could have granted unintended write access (bsc#1179660, bsc#1179428).\n\nCVE-2020-27815: Fixed an issue in JFS filesystem which could have allowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory (bsc#1183686).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which could have led to local escalation of privilege (bsc#1176720).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in video_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements, allowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-20219: Fixed a denial of service in n_tty_receive_char_special (bsc#1184397).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering destruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed multiple bugs in NFC subsystem (bsc#1178181).\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-04-16T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0433", "CVE-2020-25670", "CVE-2020-25671", "CVE-2020-25672", "CVE-2020-25673", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-27815", "CVE-2020-29368", "CVE-2020-29374", "CVE-2020-35519", "CVE-2020-36311", "CVE-2021-20219", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-28038", "CVE-2021-28660", "CVE-2021-28688", "CVE-2021-28964", "CVE-2021-28971", "CVE-2021-28972", "CVE-2021-29154", "CVE-2021-29264", "CVE-2021-29265", "CVE-2021-29647", "CVE-2021-30002", "CVE-2021-3428", "CVE-2021-3444", "CVE-2021-3483"], "modified": "2021-04-20T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-debugsource", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo", "p-cpe:/a:novell:suse_linux:kernel-default-man", "p-cpe:/a:novell:suse_linux:kernel-syms", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-1210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/148700", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:1210-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(148700);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2021/04/20\");\n\n script_cve_id(\"CVE-2020-0433\", \"CVE-2020-25670\", \"CVE-2020-25671\", \"CVE-2020-25672\", \"CVE-2020-25673\", \"CVE-2020-27170\", \"CVE-2020-27171\", \"CVE-2020-27815\", \"CVE-2020-29368\", \"CVE-2020-29374\", \"CVE-2020-35519\", \"CVE-2020-36311\", \"CVE-2021-20219\", \"CVE-2021-26930\", \"CVE-2021-26931\", \"CVE-2021-26932\", \"CVE-2021-27363\", \"CVE-2021-27364\", \"CVE-2021-27365\", \"CVE-2021-28038\", \"CVE-2021-28660\", \"CVE-2021-28688\", \"CVE-2021-28964\", \"CVE-2021-28971\", \"CVE-2021-28972\", \"CVE-2021-29154\", \"CVE-2021-29264\", \"CVE-2021-29265\", \"CVE-2021-29647\", \"CVE-2021-30002\", \"CVE-2021-3428\", \"CVE-2021-3444\", \"CVE-2021-3483\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2021:1210-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various\nsecurity and bugfixes.\n\nThe following security bugs were fixed :\n\nCVE-2021-3444: Fixed an issue with the bpf verifier which did not\nproperly handle mod32 destination register truncation when the source\nregister was known to be 0 leading to out of bounds read\n(bsc#1184170).\n\nCVE-2021-3428: Fixed an integer overflow in ext4_es_cache_extent\n(bsc#1173485).\n\nCVE-2021-29647: Fixed an issue in qrtr_recvmsg which could have\nallowed attackers to obtain sensitive information from kernel memory\nbecause of a partially uninitialized data structure (bsc#1184192 ).\n\nCVE-2021-29265: Fixed an issue in usbip_sockfd_store which could have\nallowed attackers to cause a denial of service due to race conditions\nduring an update of the local and shared status (bsc#1184167).\n\nCVE-2021-29264: Fixed an issue in the Freescale Gianfar Ethernet\ndriver which could 
have allowed attackers to cause a system crash due\nto a calculation of negative fragment size (bsc#1184168).\n\nCVE-2021-28972: Fixed a user-tolerable buffer overflow when writing a\nnew device name to the driver from userspace, allowing userspace to\nwrite data to the kernel stack frame directly (bsc#1184198).\n\nCVE-2021-28971: Fixed an issue in intel_pmu_drain_pebs_nhm which could\nhave caused a system crash because the PEBS status in a PEBS record\nwas mishandled (bsc#1184196 ).\n\nCVE-2021-28964: Fixed a race condition in get_old_root which could\nhave allowed attackers to cause a denial of service (bsc#1184193).\n\nCVE-2021-28688: Fixed an issue introduced by XSA-365 (bsc#1183646).\n\nCVE-2021-28660: Fixed an out of bounds write in rtw_wx_set_scan\n(bsc#1183593 ).\n\nCVE-2021-28038: Fixed an issue with the netback driver which was\nlacking necessary treatment of errors such as failed memory\nallocations (bsc#1183022).\n\nCVE-2021-27365: Fixed an issue where an unprivileged user can send a\nNetlink message that is associated with iSCSI, and has a length up to\nthe maximum length of a Netlink message (bsc#1182715).\n\nCVE-2021-27364: Fixed an issue where an attacker could craft Netlink\nmessages (bsc#1182717).\n\nCVE-2021-27363: Fixed a kernel pointer leak which could have been used\nto determine the address of the iscsi_transport structure\n(bsc#1182716).\n\nCVE-2021-26932: Fixed improper error handling issues in Linux grant\nmapping (XSA-361 bsc#1181747).\n\nCVE-2021-26931: Fixed an issue where Linux kernel was treating grant\nmapping errors as bugs (XSA-362 bsc#1181753).\n\nCVE-2021-26930: Fixed an improper error handling in blkback's grant\nmapping (XSA-365 bsc#1181843).\n\nCVE-2020-35519: Fixed an out-of-bounds memory access was found in\nx25_bind (bsc#1183696).\n\nCVE-2020-29368,CVE-2020-29374: Fixed an issue in copy-on-write\nimplementation which could have granted unintended write access\n(bsc#1179660, bsc#1179428).\n\nCVE-2020-27815: Fixed an issue in 
JFS filesystem where could have\nallowed an attacker to execute code (bsc#1179454).\n\nCVE-2020-27171: Fixed an off-by-one error affecting out-of-bounds\nspeculation on pointer arithmetic, leading to side-channel attacks\nthat defeat Spectre mitigations and obtain sensitive information from\nkernel memory (bsc#1183775).\n\nCVE-2020-27170: Fixed potential side-channel attacks that defeat\nSpectre mitigations and obtain sensitive information from kernel\nmemory (bsc#1183686).\n\nCVE-2020-0433: Fixed a use after free due to improper locking which\ncould have led to local escalation of privilege (bsc#1176720).\n\nCVE-2021-3483: Fixed a use-after-free in nosy.c (bsc#1184393).\n\nCVE-2021-30002: Fixed a memory leak for large arguments in\nvideo_usercopy (bsc#1184120).\n\nCVE-2021-29154: Fixed incorrect computation of branch displacements,\nallowing arbitrary code execution (bsc#1184391).\n\nCVE-2021-20219: Fixed a denial of service in\nn_tty_receive_char_special (bsc#1184397).\n\nCVE-2020-36311: Fixed a denial of service (soft lockup) by triggering\ndestruction of a large SEV VM (bsc#1184511).\n\nCVE-2020-25670, CVE-2020-25671, CVE-2020-25672, CVE-2020-25673: Fixed\nmultiple bugs in NFC subsytem (bsc#1178181).\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065600\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1065729\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103990\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103991\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1103992\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104270\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1104353\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1109837\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1111981\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1112374\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113295\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1113994\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118657\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1118661\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1119113\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1126390\"\n 
);\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1129770\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1132477\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1142635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1152446\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1154048\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1169709\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172455\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1175165\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176720\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176855\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178163\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178181\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179243\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179428\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179454\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179660\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1179755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180846\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181507\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181515\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181544\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181674\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181747\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181753\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182011\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182175\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182485\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182574\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182715\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182716\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1182717\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183018\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183022\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183023\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183378\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183380\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183381\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183382\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183405\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183416\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183509\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183593\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183646\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183662\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183686\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183696\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183755\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183775\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183861\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1183871\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184114\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184120\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184167\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184168\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184170\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184192\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184193\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184196\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184198\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184391\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184393\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184397\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184494\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184511\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1184583\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-0433/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25670/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25671/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25672/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-25673/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27170/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27171/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-27815/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29368/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-29374/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-35519/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-36311/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-20219/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26930/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26931/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-26932/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27363/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27364/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-27365/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28038/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28660/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28688/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28964/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28971/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-28972/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29154/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29264/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29265/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-29647/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-30002/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3428/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3444/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2021-3483/\"\n );\n # https://www.suse.com/support/update/announcement/2021/suse-su-20211210-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?07418a12\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP5 :\n\nzypper in -t patch SUSE-SLE-WE-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SDK-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Server 12-SP5 :\n\nzypper in -t patch SUSE-SLE-SERVER-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise Live Patching 12-SP5 :\n\nzypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2021-1210=1\n\nSUSE Linux Enterprise High Availability 12-SP5 :\n\nzypper in -t patch SUSE-SLE-HA-12-SP5-2021-1210=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:kernel-default-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-man\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"x86_64\", reference:\"kernel-default-devel-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", cpu:\"s390x\", reference:\"kernel-default-man-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-base-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debuginfo-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-debugsource-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-default-devel-4.12.14-122.66.2\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"5\", reference:\"kernel-syms-4.12.14-122.66.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": 
[{"lastseen": "2022-03-23T15:52:25", "description": "An issue was discovered in the Linux kernel 3.2 through 5.10.16, as used by Xen. Grant mapping operations often occur in batch hypercalls, where a number of operations are done in a single hypercall, the success or failure of each one is reported to the backend driver, and the backend driver then loops over the results, performing follow-up actions based on the success or failure of each operation. Unfortunately, when running in PV mode, the Linux backend drivers mishandle this: Some errors are ignored, effectively implying their success from the success of related batch elements. In other cases, errors resulting from one batch element lead to further batch elements not being inspected, and hence successful ones to not be possible to properly unmap upon error recovery. Only systems with Linux backends running in PV mode are vulnerable. Linux backends run in HVM / PVH modes are not vulnerable. This affects arch/*/xen/p2m.c and drivers/xen/gntdev.c.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-02-17T02:15:00", "type": "cve", "title": "CVE-2021-26932", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 
2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26932"], "modified": "2021-03-31T00:15:00", "cpe": ["cpe:/o:linux:linux_kernel:5.10.16", "cpe:/o:fedoraproject:fedora:32", "cpe:/o:fedoraproject:fedora:33", "cpe:/o:debian:debian_linux:9.0"], "id": "CVE-2021-26932", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26932", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "cpe:2.3:o:linux:linux_kernel:5.10.16:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"]}], "oraclelinux": [{"lastseen": "2021-07-28T14:24:45", "description": "[5.4.17-2036.103.3.1.el7]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}\n- xen-scsiback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-netback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-blkback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": 
"3.1"}, "impactScore": 5.9}, "published": "2021-02-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-16T00:00:00", "id": "ELSA-2021-9057", "href": "http://linux.oracle.com/errata/ELSA-2021-9057.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:47", "description": "[5.4.17-2036.103.3.1uek]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}\n- xen-scsiback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-netback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-blkback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": 
"LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-16T00:00:00", "id": "ELSA-2021-9053", "href": "http://linux.oracle.com/errata/ELSA-2021-9053.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:27", "description": "[4.14.35-2047.500.10.el7uek] \n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930} \n- xen-scsiback: don't handle error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931} \n- xen-netback: don't handle error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931} \n- xen-blkback: don't handle error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931} \n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932} \n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932} \n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] 
{CVE-2021-26932} \n- Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- tap: fix use-after-free (Michael S. Tsirkin) [Orabug: 32466083]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471695] \n- Fix double free KASAN warnings and use after free of kmalloc-32 object. (Imran Khan) [Orabug: 32480357]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-19T00:00:00", "id": "ELSA-2021-9067", "href": "http://linux.oracle.com/errata/ELSA-2021-9067.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:31", "description": "[4.1.12-124.48.3.1]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492113] {CVE-2021-26930}\n- xen-scsiback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492105] {CVE-2021-26931}\n- 
xen-netback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492105] {CVE-2021-26931}\n- xen-blkback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492105] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932}\n- Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492098] {CVE-2021-26932}\n[4.1.12-124.48.3]\n- bnxt_en: Fix ethtool -x crash when device is down. (Michael Chan) [Orabug: 32466092]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-16T00:00:00", "id": "ELSA-2021-9051", "href": 
"http://linux.oracle.com/errata/ELSA-2021-9051.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:41", "description": "[4.14.35-2047.500.9.3.el7]\n- net/rds: Reject error code change (Ka-Cheong Poon) [Orabug: 32577425]\n- PCI: hotplug: Add module parameter to allow user control of LEDs (James Puthukattukaran) [Orabug: 32577399]\n- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) [Orabug: 32577394]\n[4.14.35-2047.500.9.2.el7]\n- Fix double free KASAN warnings and use after free of kmalloc-32 object. (Imran\n Khan) [Orabug: 32515995]\n[4.14.35-2047.500.9.1.el7]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-24T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise 
kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-03-24T00:00:00", "id": "ELSA-2021-9136", "href": "http://linux.oracle.com/errata/ELSA-2021-9136.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:38", "description": " ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-17T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", 
"CVE-2021-26932"], "modified": "2021-02-17T00:00:00", "id": "ELSA-2021-9058", "href": "http://linux.oracle.com/errata/ELSA-2021-9058.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:43", "description": "[4.14.35-2047.500.10.el7]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: don't 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: don't bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- tap: fix use-after-free (Michael S. Tsirkin) [Orabug: 32466083]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471695]\n- Fix double free KASAN warnings and use after free of kmalloc-32 object. 
(Imran Khan) [Orabug: 32480357]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-19T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-19T00:00:00", "id": "ELSA-2021-9068", "href": "http://linux.oracle.com/errata/ELSA-2021-9068.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:12", "description": "[4.14.35-2047.500.9.3.el7uek] \n- net/rds: Reject error code change (Ka-Cheong Poon) [Orabug: 32577425] \n- PCI: hotplug: Add module parameter to allow user control of LEDs (James Puthukattukaran) [Orabug: 32577399] \n- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) [Orabug: 32577394]\n[4.14.35-2047.500.9.2.el7uek] \n- Fix double free KASAN warnings and use after free of kmalloc-32 object. 
(Imran Khan) [Orabug: 32515995]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-24T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-03-24T00:00:00", "id": "ELSA-2021-9135", "href": "http://linux.oracle.com/errata/ELSA-2021-9135.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-30T06:24:38", "description": " ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-03T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", 
"exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0431", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-03-03T00:00:00", "id": "ELSA-2021-9079", "href": "http://linux.oracle.com/errata/ELSA-2021-9079.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:53", "description": "[5.4.17-2036.104.4.el7]\n- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug:\n 32545182]\n[5.4.17-2036.104.3.el7]\n- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32249042]\n- net: Fix bridge enslavement failure (Ido Schimmel) [Orabug: 32503298]\n- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32512814]\n- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32499188]\n- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522087]\n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522087]\n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522087]\n- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522087]\n- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522087]\n- crypto: jitter - fix comments (Alexander E. 
Patrakov) [Orabug: 32522087]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n[5.4.17-2036.104.2.el7]\n- tcp: fix to update snd_wl1 in bulk receiver fast path (Neal Cardwell) [Orabug: 32498822]\n- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492277]\n- selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492277]\n- KVM: SVM: Initialize prev_ga_tag before use (Suravee Suthikulpanit) [Orabug: 32478549]\n- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422451]\n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32422451]\n- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32422451]\n- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422451]\n- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353851]\n- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353851]\n- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353851]\n- arm64/mm/hotplug: Register boot memory hot remove notifier earlier 
(Anshuman Khandual) [Orabug: 32353851]\n- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353851]\n- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353851]\n- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32171445]\n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492969]\n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492969]\n[5.4.17-2036.104.1.el7]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471677]\n- HID: hid-input: fix stylus battery reporting (Dmitry Torokhov) [Orabug: 32464784] {CVE-2020-0431}\n- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447285] {CVE-2021-3348}\n- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Dont enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422662]\n- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422662]\n- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32301026]\n[5.4.17-2036.104.0.el7]\n- Revert 'rds: Deregister all FRWR 
mr with free_mr' (aru kolappan) [Orabug: 32426610]\n- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424705]\n- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424705]\n- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424705]\n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350989]\n- ovl: check permission to open real file (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}\n- ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}\n- ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}\n- ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32046372]\n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381883]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2020-0431", "CVE-2020-16120", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2021-03-09T00:00:00", "id": "ELSA-2021-9086", "href": "http://linux.oracle.com/errata/ELSA-2021-9086.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:46", "description": "[5.4.17-2036.104.4.el8uek]\n- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32545182]\n[5.4.17-2036.104.3.el8uek]\n- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32249042] \n- net: Fix bridge enslavement failure (Ido Schimmel) [Orabug: 32503298] \n- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32512814] \n- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32499188] \n- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522087] \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522087] \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522087] \n- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522087] \n- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522087] \n- crypto: jitter - fix comments (Alexander E. 
Patrakov) [Orabug: 32522087] \n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}\n[5.4.17-2036.104.2.el8uek]\n- tcp: fix to update snd_wl1 in bulk receiver fast path (Neal Cardwell) [Orabug: 32498822] \n- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492277] \n- selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492277] \n- KVM: SVM: Initialize prev_ga_tag before use (Suravee Suthikulpanit) [Orabug: 32478549] \n- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422451] \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32422451] \n- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32422451] \n- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422451] \n- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353851] \n- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353851] \n- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353851] \n- arm64/mm/hotplug: Register boot memory hot remove 
notifier earlier (Anshuman Khandual) [Orabug: 32353851] \n- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353851] \n- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353851] \n- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32171445] \n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492969] \n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492969]\n[5.4.17-2036.104.1.el8uek]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471677] \n- HID: hid-input: fix stylus battery reporting (Dmitry Torokhov) [Orabug: 32464784] {CVE-2020-0431}\n- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447285] {CVE-2021-3348}\n- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Dont enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}\n- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422662] \n- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422662] \n- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32301026]\n[5.4.17-2036.104.0.el8uek]\n- 
Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610] \n- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424705] \n- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424705] \n- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424705] \n- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350989] \n- ovl: check permission to open real file (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}\n- ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}\n- ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}\n- ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32046372] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381883]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-03-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0431", "CVE-2020-16120", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-3347", "CVE-2021-3348"], "modified": "2021-03-11T00:00:00", "id": "ELSA-2021-9085", "href": "http://linux.oracle.com/errata/ELSA-2021-9085.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-30T06:24:58", "description": "[4.14.35-2047.500.9.1]\n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492110] {CVE-2021-26930}\n- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492102] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492094] {CVE-2021-26932}\n[4.14.35-2047.500.9]\n- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426612] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 31175013] \n- net/rds: Incorrect RDS protocol version fall back (Ka-Cheong Poon) [Orabug: 32376163] \n- net/rds: Missing RDS/RDMA private data in response to connection request (Ka-Cheong Poon) [Orabug: 32388407]\n[4.14.35-2047.500.8]\n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341032] \n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372161] \n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380826] \n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) 
[Orabug: 32245078] \n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350976] \n- net/mlx5: Use a single MSIX vector for all control EQs in VFs (Ariel Levkovich) [Orabug: 32368440] \n- net/mlx5: Fix available EQs FW used to reserve (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Use max_num_eqs for calculation of required MSIX vectors (Denis Drozdov) [Orabug: 32368440] \n- net/mlx5: Expose DEVX specification (Yishai Hadas) [Orabug: 32368440] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248037] {CVE-2020-28374}\n[4.14.35-2047.500.7]\n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32047319] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253411] {CVE-2020-29568}\n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260255] {CVE-2020-29569}\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337717] \n- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349205] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355208]\n[4.14.35-2047.500.6]\n- net/rds: Only yield with a valid 'i_connecting_ts' timestamp (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Only increment rdma_resolve_route timeout on error (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont block workqueues 'cma_wq' and 'cm.wq' (Gerd 
Rausch) [Orabug: 31030774] \n- net/rds: Dont drop neighbor loopback connection (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Take the GID offset into account for IB devices (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Leave the neighbor cache alone (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Give each connection its own workqueue (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Disassociate ic and cm_id before rdma_destroy_id (Gerd Rausch) [Orabug: 31030774] \n- Revert 'rds: ib: Implement proper cm_id compare' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Add a rdma_cm watchdog timer (Gerd Rausch) [Orabug: 31030774] \n- Revert 'RDS: IB: fix panic with handlers running post teardown' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Release all resources allocated by 'rds_ib_setup_qp' (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Change the 'rds_aux_wq' workqueue to loose order (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Dont sleep inside worker threads (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Fix a few race conditions (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Execute 'rdma_destroy_id' in the background (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Delay reconnects from passive side by 3 seconds (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Drop connections when peers perform failover (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Yield to incoming connection requests (Gerd Rausch) [Orabug: 31030774] \n- net/rds: Remove stale comments about random backoff (Gerd Rausch) [Orabug: 31030774]\n[4.14.35-2047.500.5]\n- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251912] \n- tty: Fix ->session locking (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266679] {CVE-2020-29660}\n[4.14.35-2047.500.4]\n- bnxt_en: Release PCI regions when DMA mask setup fails during probe. 
(Michael Chan) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_board() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: fix error return code in bnxt_init_one() (Zhang Changzhong) [Orabug: 32223677] \n- bnxt_en: Fix counter overflow logic. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: read EEPROM A2h address using page 0 (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Re-write PCI BARs after PCI fatal error. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Set driver default message level. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Enable online self tests for multi-host/NPAR mode. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Eliminate unnecessary RX resets. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Reduce unnecessary message log during RX errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Add a software counter for RX ring reset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Implement RX ring reset in response to buffer errors. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_init_one_rx_ring(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor bnxt_free_rx_skbs(). (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.68. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Improve preset max value for ethtool -l. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Handle ethernet link being disabled by firmware. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: add basic infrastructure to support PAM4 link speeds (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor bnxt_get_fw_speed() (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: refactor code to limit speed advertising (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Update firmware interface spec to 1.10.1.65. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix wrong flag value passed to HWRM_PORT_QSTATS_EXT fw call. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Fix HWRM_FUNC_QSTATS_EXT firmware call. 
(Michael Chan) [Orabug: 32223677] \n- bnxt_en: Return -EOPNOTSUPP for ETHTOOL_GREGS on VFs. (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: return proper error codes in bnxt_show_temp (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Setup default RSS map in all scenarios. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: init RSS table for Minimal-Static VF reservation (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: fix HWRM error when querying VF temperature (Edwin Peer) [Orabug: 32223677] \n- bnxt_en: Fix ethtool -S statitics with XDP or TCs enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Dont query FW when netif_running() is false. (Pavan Chebbi) [Orabug: 32223677] \n- bnxt_en: Add support for 'ethtool -d' (Vasundhara Volam) [Orabug: 32223677] \n- bnxt_en: Switch over to use the 64-bit software accumulated counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Accumulate all counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware masks for port counters. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Retrieve hardware counter masks from firmware if available. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Allocate additional memory for all statistics blocks. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Refactor statistics code and structures. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Use macros to define port statistics size and offset. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Update firmware interface to 1.10.1.54. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Remove PCIe non-counters from ethtool statistics (Vasundhara Volam) [Orabug: 32223677] \n- net: bnxt: don't complain if TC flower can't be supported (Jakub Kicinski) [Orabug: 32223677] \n- bnxt_en: Fix completion ring sizing with TPA enabled. (Michael Chan) [Orabug: 32223677] \n- bnxt_en: Init ethtool link settings after reading updated PHY configuration. 
(Vasundhara Volam) [Orabug: 32223677] \n- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233354] {CVE-2020-14351}\n- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32201608] \n- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32201608] \n- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan Mottahedeh) [Orabug: 32201608] \n- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201608] \n- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32201608] \n- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32201608] \n- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32201608] \n- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32201608] \n- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32201608] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210458] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32219015] \n- qla2xxx: Add missing module version banner (John Donnelly) [Orabug: 32244934] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Bump driver version to 
35.101.00.00 (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: A small correction in _base_process_reply_queue (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Fix sync irqs (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Detect tampered Aero and Sea adapters (Sreekanth Reddy) [Orabug: 32223781] \n- scsi: mpt3sas: Dont call disable_irq from IRQ poll handler (Tomas Henzl) [Orabug: 32223781] \n- scsi: mpt3sas: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32223781] \n- scsi: mpt3sas: Remove superfluous memset() (Li Heng) [Orabug: 32223781] \n- scsi: mpt3sas: Update driver version to 35.100.00.00 (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: 
Postprocessing of target and LUN reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Add functions to check if any cmd is outstanding on Target and LUN (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Rename and export interrupt mask/unmask functions (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Cancel the running work during host reset (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Dump system registers for debugging (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Memset config_cmds.reply buffer with zeros (Suganath Prabu S) [Orabug: 32223781] \n- scsi: mpt3sas: Fix kdoc comments format (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix set but unused variable (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix error returns in BRM_status_show (Johannes Thumshirn) [Orabug: 32223781] \n- scsi: mpt3sas: Fix unlock imbalance (Damien Le Moal) [Orabug: 32223781] \n- scsi: mpt3sas: Fix spelling mistake (Flavio Suligoi) [Orabug: 32223781]\n[4.14.35-2047.500.3]\n- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32173883] \n- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32173883] \n- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32177802] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32213922] \n- qla2xxx: back port upstream patch (Quinn Tran) [Orabug: 32213922] \n- scsi: scsi_transport_fc: Add FPIN fc event codes (James Smart) [Orabug: 32213922] \n- scsi: scsi_transport_fc: refactor event posting routines (James Smart) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Disable T10-DIF feature with FC-NVMe during probe' (Quinn Tran) [Orabug: 32213922] \n- Revert 'scsi: qla2xxx: Fix crash on qla2x00_mailbox_command' (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Check if FW supports MQ before enabling (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Allow ql2xextended_error_logging special value 1 to 
be set anytime (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce noisy debug message (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Indicate correct supported speeds for Mezz card (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush I/O on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Flush all sessions on zone disable (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: remove incorrect sparse #ifdef (Linus Torvalds) [Orabug: 32213922] \n- scsi: qla2xxx: Return EBUSY on fcport deletion (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize variable in qla8044_poll_reg() (Tom Rix) [Orabug: 32213922] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32213922] \n- scsi: qla2xxx: Fix null pointer access during disconnect from subsystem (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32213922] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix crash on session cleanup with unload (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix WARN_ON in qla_nvme_register_hba (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Correct the check for sscanf() return 
value (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32213922] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32213922] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32213922] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32213922] \n- scsi: qla2xxx: Remove unneeded variable 'rval' (Jason Yan) [Orabug: 32213922] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Warn if done() or free() are called on an already freed srb (Daniel Wagner) [Orabug: 32213922] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qla_nvme_register_hba() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Fix wrong return value in qlt_chk_unresolv_exchg() (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: Remove redundant variable initialization (Tianjia Zhang) [Orabug: 32213922] \n- scsi: qla2xxx: 
Fix the size used in a 'dma_free_coherent()' call (Christophe JAILLET) [Orabug: 32213922] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32213922] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32213922] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32213922] \n- scsi: qla2xxx: Use MBX_TOV_SECONDS for mailbox command timeout values (Enzo Matsumiya) [Orabug: 32213922] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32213922] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Initialize 'n' before using it (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32213922] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32213922] \n- scsi: fc: Update Descriptor definition and add RDF and Link Integrity FPINs (James Smart) [Orabug: 32213922] \n- scsi: fc: add FPIN ELS definition (James Smart) [Orabug: 32213922] \n- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218536] \n- 
ACPI: NFIT: Add runtime firmware activate support (Dan Williams) [Orabug: 32224144] \n- PM, libnvdimm: Add runtime firmware activation support (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Convert to DEVICE_ATTR_ADMIN_RO() (Dan Williams) [Orabug: 32224144] \n- driver-core: Introduce DEVICE_ATTR_ADMIN_{RO,RW} (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Emulate firmware activation commands (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Prepare nfit_ctl_test() for ND_CMD_CALL emulation (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Add command debug messages (Dan Williams) [Orabug: 32224144] \n- tools/testing/nvdimm: Cleanup dimm index passing (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Define runtime firmware activation commands (Dan Williams) [Orabug: 32224144] \n- ACPI: NFIT: Move bus_dsm_mask out of generic nvdimm_bus_descriptor (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Validate command family indices (Dan Williams) [Orabug: 32224144] \n- PM: hibernate: Incorporate concurrency handling (Domenico Andreoli) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_bus_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm/of_pmem: Provide a unique name for bus provider (Aneesh Kumar K.V) [Orabug: 32224144] \n- libnvdimm: Move nvdimm_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_mapping_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_region_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_numa_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move nd_device_attribute_group to device_type (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move region attribute group definition (Dan Williams) [Orabug: 32224144] \n- libnvdimm/region: Rewrite _probe_success() to _advance_seeds() (Dan Williams) [Orabug: 32224144] \n- libnvdimm: Move attribute groups to 
device type (Dan Williams) [Orabug: 32224144] \n- acpi/nfit: improve bounds checking for 'func' (Dan Carpenter) [Orabug: 32224144] \n- ACPI/nfit: delete the function to_acpi_nfit_desc (Xiaochun Lee) [Orabug: 32224144]\n[4.14.35-2047.500.2]\n- lockdown: make lockdown mode available in securityfs (Alan Maguire) [Orabug: 32176137] \n- uek-rpm: Dont build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176895] \n- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177537] {CVE-2020-27673}\n- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177989] \n- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32195765] \n- lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman 
Khandual) [Orabug: 32195765] \n- lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32195765] \n- lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32195765] \n- rds: fix out-of-tree build broken by tracepoints (Alan Maguire) [Orabug: 32185345] \n- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177547]\n[4.14.35-2047.500.1]\n- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin( )) [Orabug: 32131174] {CVE-2020-25704}\n- perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131174] {CVE-2020-25704}\n- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136897] \n- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136897] \n- xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139243] \n- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32047440] \n- platform/x86: ISST: Add new PCI device ids (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Allow additional TRL MSRs (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Use dev_get_drvdata (Chuhong Yuan) [Orabug: 32047440] \n- platform/x86: ISST: Restore state on resume (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select PUNIT MSR interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via MSRs (Srinivas Pandruvada) [Orabug: 
32047440] \n- platform/x86: ISST: Add Intel Speed Select mailbox interface via PCI (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add Intel Speed Select mmio interface (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add IOCTL to Translate Linux logical CPU to PUNIT CPU number (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Store per CPU information (Srinivas Pandruvada) [Orabug: 32047440] \n- platform/x86: ISST: Add common API to register and handle ioctls (Srinivas Pandruvada) [Orabug: 32047440]\n[4.14.35-2046]\n- lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131560] \n- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138009] \n- Revert 'pci: hardcode enumeration' (Dave Aldridge) [Orabug: 32152281] \n- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152143] \n- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152143] \n- Revert 'iomap: Fix pipe page leakage during splicing' (George Kennedy) [Orabug: 30848187] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakx (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32080078] \n- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32080078] \n- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32080078] \n- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32080078] \n- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32080078] \n- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32080078] \n- Linux 4.14.206 (Greg Kroah-Hartman) \n- powercap: restrict energy meter to root access (Len Brown) \n- Linux 4.14.205 (Greg Kroah-Hartman) [Orabug: 32041544] \n- arm64: 
dts: marvell: espressobin: add ethernet alias (Tomasz Maciej Nowak) \n- PM: runtime: Resume the device earlier in __device_release_driver() (Rafael J. Wysocki) \n- Revert 'ARC: entry: fix potential EFA clobber when TIF_SYSCALL_TRACE' (Vineet Gupta) \n- ARC: stack unwinding: avoid indefinite looping (Vineet Gupta) \n- usb: mtu3: fix panic in mtu3_gadget_stop() (Macpaul Lin) \n- USB: Add NO_LPM quirk for Kingston flash drive (Alan Stern) \n- USB: serial: option: add Telit FN980 composition 0x1055 (Daniele Palmas) \n- USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (Daniele Palmas) \n- USB: serial: option: add Quectel EC200T module support (Ziyi Cao) \n- USB: serial: cyberjack: fix write-URB completion race (Johan Hovold) \n- serial: txx9: add missing platform_driver_unregister() on error in serial_txx9_init (Qinglang Miao) \n- serial: 8250_mtk: Fix uart_get_baud_rate warning (Claire Chang) \n- fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent (Eddy Wu) \n- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) \n- ACPI: NFIT: Fix comparison to '-ENXIO' (Zhang Qilong) \n- drm/vc4: drv: Add error handding for bind (Hoegeun Kwon) \n- vsock: use ns_capable_noaudit() on socket create (Jeff Vander Stoep) \n- scsi: core: Dont start concurrent async scan on same host (Ming Lei) \n- blk-cgroup: Pre-allocate tree node on blkg_conf_prep (Gabriel Krisman Bertazi) \n- blk-cgroup: Fix memleak on error path (Gabriel Krisman Bertazi) \n- of: Fix reserved-memory overlap detection (Vincent Whitchurch) \n- x86/kexec: Use up-to-dated screen_info copy to fill boot params (Kairui Song) \n- ARM: dts: sun4i-a10: fix cpu_alert temperature (Clement Peron) \n- futex: Handle transient 'ownerless' rtmutex state correctly (Mike Galbraith) \n- tracing: Fix out of bounds write in get_trace_buf (Qiujun Huang) \n- ftrace: Handle tracing when switching between context (Steven Rostedt (VMware)) \n- ftrace: Fix recursion check for NMI test (Steven Rostedt (VMware)) \n- 
gfs2: Wake up when sd_glock_disposal becomes zero (Alexander Aring) \n- mm: always have io_remap_pfn_range() set pgprot_decrypted() (Jason Gunthorpe) \n- kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (Zqiang) \n- lib/crc32test: remove extra local_irq_disable/enable (Vasily Gorbik) \n- ALSA: usb-audio: Add implicit feedback quirk for Qu-16 (Geoffrey D. Bennett) \n- Fonts: Replace discarded const qualifier (Lee Jones) \n- blktrace: fix debugfs use after free (Luis Chamberlain) {CVE-2019-19770}\n- Blktrace: bail out early if block debugfs is not configured (Liu Bo) \n- sfp: Fix error handing in sfp_probe() (YueHaibing) \n- sctp: Fix COMM_LOST/CANT_STR_ASSOC err reporting on big-endian platforms (Petr Malat) \n- net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (Daniele Palmas) \n- gianfar: Account for Tx PTP timestamp in the skb headroom (Claudiu Manoil) \n- gianfar: Replace skb_realloc_headroom with skb_cow_head for PTP (Claudiu Manoil) \n- tipc: fix use-after-free in tipc_bcast_get_mode (Hoang Huu Le) \n- drm/i915: Break up error capture compression loops with cond_resched() (Chris Wilson) \n- Linux 4.14.204 (Greg Kroah-Hartman) \n- staging: comedi: cb_pcidas: Allow 2-channel commands for AO subdevice (Ian Abbott) \n- KVM: arm64: Fix AArch32 handling of DBGD{CCINT,SCRext} and DBGVCR (Marc Zyngier) \n- device property: Dont clear secondary pointer for shared primary firmware node (Andy Shevchenko) \n- device property: Keep secondary firmware node secondary by type (Andy Shevchenko) \n- ARM: s3c24xx: fix missing system reset (Krzysztof Kozlowski) \n- ARM: samsung: fix PM debug build with DEBUG_LL but !MMU (Krzysztof Kozlowski) \n- arm: dts: mt7623: add missing pause for switchport (Frank Wunderlich) \n- hil/parisc: Disable HIL driver when it gets stuck (Helge Deller) \n- cachefiles: Handle readpage error correctly (Matthew Wilcox (Oracle)) \n- arm64: berlin: Select DW_APB_TIMER_OF (Jisheng Zhang) \n- tty: make FONTX ioctl 
use the tty pointer they were actually passed (Linus Torvalds) \n- rtc: rx8010: dont modify the global rtc ops (Bartosz Golaszewski) \n- drm/ttm: fix eviction valuable range check. (Dave Airlie) \n- ext4: fix invalid inode checksum (Luo Meng) \n- ext4: fix error handling code in add_new_gdb (Dinghao Liu) \n- ext4: fix leaking sysfs kobject after failed mount (Eric Biggers) \n- vringh: fix __vringh_iov() when riov and wiov are different (Stefano Garzarella) \n- ring-buffer: Return 0 on success from ring_buffer_resize() (Qiujun Huang) \n- 9P: Cast to loff_t before multiplying (Matthew Wilcox (Oracle)) \n- libceph: clear con->out_msg on Policy::stateful_server faults (Ilya Dryomov) \n- ceph: promote to unsigned long long before shifting (Matthew Wilcox (Oracle)) \n- drm/amdgpu: dont map BO in reserved region (Madhav Chauhan) \n- ia64: fix build error with !COREDUMP (Krzysztof Kozlowski) \n- ubi: check kthread_should_stop() after the setting of task state (Zhihao Cheng) \n- perf python scripting: Fix printable strings in python3 scripts (Jiri Olsa) \n- ubifs: dent: Fix some potential memory leaks while iterating entries (Zhihao Cheng) \n- NFSD: Add missing NFSv2 .pc_func methods (Chuck Lever) \n- NFSv4.2: support EXCHGID4_FLAG_SUPP_FENCE_OPS 4.2 EXCHANGE_ID flag (Olga Kornievskaia) \n- powerpc/powernv/elog: Fix race while processing OPAL error log event. (Mahesh Salgaonkar) \n- powerpc: Warn about use of smt_snooze_delay (Joel Stanley) \n- powerpc/rtas: Restrict RTAS requests from userspace (Andrew Donnellan) \n- s390/stp: add locking to sysfs functions (Sven Schnelle) \n- iio:gyro:itg3200: Fix timestamp alignment and prevent data leak. (Jonathan Cameron) \n- iio:adc:ti-adc12138 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:adc:ti-adc0832 Fix alignment issue with timestamp (Jonathan Cameron) \n- iio:light:si1145: Fix timestamp alignment and prevent data leak. 
(Jonathan Cameron) \n- dmaengine: dma-jz4780: Fix race in jz4780_dma_tx_status (Paul Cercueil) \n- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) {CVE-2020-25656}\n- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) \n- drm/i915: Force VTd workarounds when running as a guest OS (Chris Wilson) \n- usb: host: fsl-mph-dr-of: check return of dma_set_mask() (Ran Wang) \n- usb: cdc-acm: fix cooldown mechanism (Jerome Brunet) \n- usb: dwc3: core: dont trigger runtime pm when remove driver (Li Jun) \n- usb: dwc3: core: add phy cleanup for probe error handling (Li Jun) \n- usb: dwc3: ep0: Fix ZLP for OUT ep0 requests (Thinh Nguyen) \n- btrfs: fix use-after-free on readahead extent after failure to create it (Filipe Manana) \n- btrfs: cleanup cow block on error (Josef Bacik) \n- btrfs: use kvzalloc() to allocate clone_roots in btrfs_ioctl_send() (Denis Efremov) \n- btrfs: send, recompute reference path after orphanization of a directory (Filipe Manana) \n- btrfs: reschedule if necessary when logging directory items (Filipe Manana) \n- scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() (Helge Deller) \n- w1: mxc_w1: Fix timeout resolution problem leading to bus error (Martin Fuzzey) \n- acpi-cpufreq: Honor _PSD table setting on new AMD CPUs (Wei Huang) \n- ACPI: debug: dont allow debugging when ACPI is disabled (Jamie Iles) \n- ACPI: video: use ACPI backlight for HP 635 Notebook (Alex Hung) \n- ACPI / extlog: Check for RDMSR failure (Ben Hutchings) \n- NFS: fix nfs_path in case of a rename retry (Ashish Sangwan) \n- fs: Dont invalidate page buffers in block_write_full_page() (Jan Kara) \n- leds: bcm6328, bcm6358: use devres LED registering function (Marek Behun) \n- perf/x86/amd/ibs: Fix raw sample data accumulation (Kim Phillips) \n- perf/x86/amd/ibs: Dont include randomized bits in get_ibs_op_count() (Kim Phillips) \n- md/raid5: fix oops during stripe resizing (Song Liu) \n- nvme-rdma: fix crash when connect rejected (Chao Leng) \n- 
sgl_alloc_order: fix memory leak (Douglas Gilbert) \n- nbd: make the config put is called before the notifying the waiter (Xiubo Li) \n- ARM: dts: s5pv210: remove dedicated 'audio-subsystem' node (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: move PMU node out of clock controller (Krzysztof Kozlowski) \n- ARM: dts: s5pv210: remove DMA controller bus node name to fix dtschema warnings (Krzysztof Kozlowski) \n- memory: emif: Remove bogus debugfs error handling (Dan Carpenter) \n- arm64: dts: renesas: ulcb: add full-pwr-cycle-in-suspend into eMMC nodes (Yoshihiro Shimoda) \n- gfs2: add validation checks for size of superblock (Anant Thazhemadam) \n- ext4: Detect already used quota file early (Jan Kara) \n- drivers: watchdog: rdc321x_wdt: Fix race condition bugs (Madhuparna Bhowmik) \n- net: 9p: initialize sun_server.sun_path to have addrs value only when addr is valid (Anant Thazhemadam) \n- clk: ti: clockdomain: fix static checker warning (Tero Kristo) \n- bnxt_en: Log unknown link speed appropriately. 
(Michael Chan) \n- md/bitmap: md_bitmap_get_counter returns wrong blocks (Zhao Heming) \n- power: supply: test_power: add missing newlines when printing parameters by sysfs (Xiongfeng Wang) \n- bus/fsl_mc: Do not rely on caller to provide non NULL mc_io (Diana Craciun) \n- drivers/net/wan/hdlc_fr: Correctly handle special skb->protocol values (Xie He) \n- ACPI: Add out of bounds and numa_off protections to pxm_to_node() (Jonathan Cameron) \n- arm64/mm: return cpu_all_mask when node is NUMA_NO_NODE (Zhengyuan Liu) \n- uio: free uio id after uio file node is freed (Lang Dai) \n- USB: adutux: fix debugging (Oliver Neukum) \n- cpufreq: sti-cpufreq: add stih418 support (Alain Volmat) \n- kgdb: Make 'kgdbcon' work properly with 'kgdb_earlycon' (Douglas Anderson) \n- printk: reduce LOG_BUF_SHIFT range for H8300 (John Ogness) \n- drm/bridge/synopsys: dsi: add support for non-continuous HS clock (Antonio Borneo) \n- mmc: via-sdmmc: Fix data race bug (Madhuparna Bhowmik) \n- media: tw5864: check status of tw5864_frameinterval_get (Tom Rix) \n- usb: typec: tcpm: During PR_SWAP, source caps should be sent only after tSwapSourceStart (Badhri Jagan Sridharan) \n- media: platform: Improve queue set up flow for bug fixing (Xia Jiang) \n- media: videodev2.h: RGB BT2020 and HSV are always full range (Hans Verkuil) \n- drm/brige/megachips: Add checking if ge_b850v3_lvds_init() is working correctly (Nadezda Lutovinova) \n- ath10k: fix VHT NSS calculation when STBC is enabled (Sathishkumar Muruganandam) \n- ath10k: start recovery process when payload length exceeds max htc length for sdio (Wen Gong) \n- video: fbdev: pvr2fb: initialize variables (Tom Rix) \n- xfs: fix realtime bitmap/summary file truncation when growing rt volume (Darrick J. 
Wong) \n- ARM: 8997/2: hw_breakpoint: Handle inexact watchpoint addresses (Douglas Anderson) \n- um: change sigio_spinlock to a mutex (Johannes Berg) \n- f2fs: fix to check segment boundary during SIT page readahead (Chao Yu) \n- f2fs: add trace exit in exception path (Zhang Qilong) \n- sparc64: remove mm_cpumask clearing to fix kthread_use_mm race (Nicholas Piggin) \n- powerpc: select ARCH_WANT_IRQS_OFF_ACTIVATE_MM (Nicholas Piggin) \n- powerpc/powernv/smp: Fix spurious DBG() warning (Oliver O Halloran) \n- futex: Fix incorrect should_fail_futex() handling (Mateusz Nosek) \n- mlxsw: core: Fix use-after-free in mlxsw_emad_trans_finish() (Amit Cohen) \n- x86/unwind/orc: Fix inactive tasks with stack pointer in %sp on GCC 10 compiled kernels (Jiri Slaby) \n- fscrypt: return -EXDEV for incompatible rename or link into encrypted dir (Eric Biggers) \n- ata: sata_rcar: Fix DMA boundary mask (Geert Uytterhoeven) \n- mtd: lpddr: Fix bad logic in print_drs_error (Gustavo A. R. Silva) \n- p54: avoid accessing the data mapped to streaming DMA (Jia-Ju Bai) \n- fuse: fix page dereference after free (Miklos Szeredi) \n- x86/xen: disable Firmware First mode for correctable memory errors (Juergen Gross) \n- arch/x86/amd/ibs: Fix re-arming IBS Fetch (Kim Phillips) \n- tipc: fix memory leak caused by tipc_buf_append() (Tung Nguyen) \n- ravb: Fix bit fields checking in ravb_hwtstamp_get() (Andrew Gabbasov) \n- gtp: fix an use-before-init in gtp_newlink() (Masahiro Fujiwara) \n- efivarfs: Replace invalid slashes with exclamation marks in dentries. 
(Michael Schaller) \n- arm64: link with -z norelro regardless of CONFIG_RELOCATABLE (Nick Desaulniers) \n- scripts/setlocalversion: make git describe output more reliable (Rasmus Villemoes) \n- Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864725] {CVE-2019-19816}\n- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864725] {CVE-2019-19816}\n- hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32120118]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-02-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-19770", "CVE-2019-19816", "CVE-2020-14351", "CVE-2020-25656", "CVE-2020-25704", "CVE-2020-27673", "CVE-2020-28374", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-29660", "CVE-2020-36158", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-16T00:00:00", "id": "ELSA-2021-9052", 
"href": "http://linux.oracle.com/errata/ELSA-2021-9052.html", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-07-28T14:24:36", "description": "[5.4.17-2102.200.13]\n- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}\n- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}\n[5.4.17-2102.200.12]\n- Revert x86/platform/uv: Update UV MMRs for UV5 (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add UV5 direct references (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Add and decode Arch Type in UVsystab (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 MMR references in UV GRU (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update node present counting (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update UV5 TSC checking (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update for UV5 
NMI MMR changes (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Update Copyrights to conform to HPE standards (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix missing OEM_TABLE_ID (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Remove spaces from OEM IDs (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Recognize UV5 hubless system identifier (Jack Vogel) [Orabug: 32651197] \n- Revert x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix copied UV5 output archtype (Jack Vogel) [Orabug: 32651197] \n- Revert x86/platform/uv: Fix UV4 hub revision adjustment (Jack Vogel) [Orabug: 32651197]\n[5.4.17-2102.200.11]\n- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155] \n- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}\n- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}\n- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823] \n- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823] \n- mm/sparse: 
consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]\n[5.4.17-2102.200.10]\n- scsi: target: core: Make completion affinity configurable (Mike Christie) [Orabug: 32403502] \n- target: flush submission work during TMR processing (Mike Christie) [Orabug: 32403502] \n- target iblock: add backend plug/unplug callouts (Mike Christie) [Orabug: 32403502] \n- target: fix backend plugging (Mike Christie) [Orabug: 32403502] \n- target: cleanup cmd flag bits (Mike Christie) [Orabug: 32403502] \n- tcm loop: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- tcm loop: use blk cmd allocator for se_cmds (Mike Christie) [Orabug: 32403502] \n- vhost scsi: use lio wq cmd submission helper (Mike Christie) [Orabug: 32403502] \n- target: add workqueue based cmd submission (Mike Christie) [Orabug: 32403502] \n- target: add gfp_t arg to target_cmd_init_cdb (Mike Christie) [Orabug: 32403502] \n- target: remove target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- tcm_fc: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- xen-scsiback: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- vhost-scsi: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- usb gadget: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- sbp_target: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- tcm_loop: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- qla2xxx: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- ibmvscsi_tgt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- srpt: Convert to new submission API (Mike Christie) [Orabug: 32403502] \n- target: break up target_submit_cmd_map_sgls (Mike Christie) [Orabug: 32403502] \n- target: rename transport_init_se_cmd (Mike Christie) [Orabug: 32403502] \n- target: drop kref_get_unless_zero in target_get_sess_cmd (Mike Christie) [Orabug: 32403502] \n- target: move 
t_task_cdb initialization (Mike Christie) [Orabug: 32403502] \n- scsi: tcm_loop: Allow queues, can_queue and cmd_per_lun to be settable (Mike Christie) [Orabug: 32403502] \n- scsi: target: Make state_list per CPU (Mike Christie) [Orabug: 32403502] \n- scsi: target: Drop sess_cmd_lock from I/O path (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Move sess cmd list/lock to driver (Mike Christie) [Orabug: 32403502] \n- scsi: target: Remove TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix cmd_count ref leak (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix LUN ref count handling (Mike Christie) [Orabug: 32403502] \n- scsi: target: Fix lun lookup for TARGET_SCF_LOOKUP_LUN_FROM_TAG case (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Rename target_setup_cmd_from_cdb() to target_cmd_parse_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Fix NULL pointer dereference (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Initialize LUN in transport_init_se_cmd() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- scsi: target: Factor out a new helper, target_cmd_init_cdb() (Sudhakar Panneerselvam) [Orabug: 32403502] \n- mm: memcontrol: decouple reference counting from page accounting (Johannes Weiner) \n- uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555675] \n- rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32587016] \n- rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32587016] \n- rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580940] \n- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576070] \n- PCI: hotplug: Add module parameter to allow user control of LEDs (Thomas Tai) [Orabug: 32556980] \n- net/rds: increase 1MB MR pool size for RDS 
(Manjunath Patil) \n- block/diskstats: accumulate all per-cpu counters in one pass (Konstantin Khlebnikov) [Orabug: 32531556] \n- arm64/crash_core: fix TCR_EL1.T1SZ in vmcoreinfo (John Donnelly) [Orabug: 32559514] \n- x86/platform/uv: Fix UV4 hub revision adjustment (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix copied UV5 output archtype (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Drop last traces of uv_flush_tlb_others (Jiri Slaby) [Orabug: 32527680] \n- x86/tlb/uv: Add a forward declaration for struct flush_tlb_info (Borislav Petkov) [Orabug: 32527680] \n- x86/platform/uv: Recognize UV5 hubless system identifier (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove spaces from OEM IDs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Fix missing OEM_TABLE_ID (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update Copyrights to conform to HPE standards (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update for UV5 NMI MMR changes (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 TSC checking (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update node present counting (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV5 MMR references in UV GRU (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Adjust GAM MMR references affected by UV5 updates (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update MMIOH references based on new UV5 MMRs (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add and decode Arch Type in UVsystab (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Add UV5 direct references (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Update UV MMRs for UV5 (Mike Travis) [Orabug: 32527680] \n- drivers/misc/sgi-xp: Adjust references in UV kernel modules (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove SCIR MMR references for UV systems (Mike Travis) [Orabug: 32527680] \n- x86/platform/uv: Remove UV BAU TLB Shootdown Handler (Mike Travis) [Orabug: 
32527680] \n- x86/apic/uv: Avoid unused variable warning (Arnd Bergmann) [Orabug: 32527680] \n- x86/platform/uv: Remove vestigial mention of UV1 platform from bios header (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for uv1 platform from uv_hub (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_bau (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_mmrs (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from x2apic_uv_x (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_tlb (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove support for UV1 platform from uv_time (steve.wahl@hpe.com) [Orabug: 32527680] \n- x86/platform/uv: Remove the unused _uv_cpu_blade_processor_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Unexport uv_apicid_hibits (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove _uv_hub_info_check() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Simplify uv_send_IPI_one() (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the UV*_HUB_IS_SUPPORTED macros (Christoph Hellwig) [Orabug: 32527680] \n- x86/platform/uv: Remove the uv_partition_coherence_id() macro (Christoph Hellwig) [Orabug: 32527680] \n- x86/apic/uv: Remove code for unused distributed GRU mode (Steve Wahl) [Orabug: 32527680] \n- cper,edac,efi: Memory Error Record: bank group/address and chip id (Alex Kluver) [Orabug: 32526741] \n- edac,ghes,cper: Add Row Extension to Memory Error Record (Alex Kluver) [Orabug: 32526741] \n- perf/x86/intel/uncore: With > 8 nodes, get pci bus die id from NUMA info (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Store the logical die id instead of the 
physical die id. (Steve Wahl) [Orabug: 32526200] \n- perf/x86/intel/uncore: Generic support for the PCI sub driver (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_unregister() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_pmu_register() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_find_dev_pmu() (Kan Liang) [Orabug: 32526200] \n- perf/x86/intel/uncore: Factor out uncore_pci_get_dev_die_info() (Kan Liang) [Orabug: 32526200]\n[5.4.17-2102.200.9]\n- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32563746]\n[5.4.17-2102.200.8]\n- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32522477] \n- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522086] \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522086] \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522086] \n- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522086] \n- crypto: jitter - fix comments (Alexander E. 
Patrakov) [Orabug: 32522086] \n- Revert RDMA/umem: Move to allocate SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert lib/scatterlist: Add support in dynamic allocation of SG table from pages (John Donnelly) [Orabug: 32481224] \n- Revert Maintainer: Fix build warning introduced in commit 99b99d76e6732 (John Donnelly) [Orabug: 32481224]\n[5.4.17-2102.200.7]\n- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32504832] \n- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492108] {CVE-2021-26930}\n- xen-scsiback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-netback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- xen-blkback: dont handle error by BUG() (Jan Beulich) [Orabug: 32492100] {CVE-2021-26931}\n- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492092] {CVE-2021-26932}\n[5.4.17-2102.200.6]\n- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492276] \n- rds: tracepoints incorrectly reporting valid rds ping as drop (Alan Maguire) [Orabug: 32490004] \n- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32488537] \n- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353873] \n- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm/hotplug: Register boot memory hot remove notifier 
earlier (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353873] \n- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353873] \n- rds: tracepoint-related KASAN: use-after-free Read in rds_send_xmit (Alan Maguire) [Orabug: 32490030] \n- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32422895] \n- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32485133] \n- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32485133] \n- vdpa/mlx5: allow Jumbo MTU config other than standard sized MTU (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: should exclude header length and fcs from mtu (Si-Wei Liu) [Orabug: 32480078] \n- vdpa/mlx5: Fix memory key MTT population (Eli Cohen) [Orabug: 32480078] \n- vdpa: Use simpler version of ida allocation (Parav Pandit) [Orabug: 32480078] \n- vdpa: Add missing comment for virtqueue count (Parav Pandit) [Orabug: 32480078] \n- vdpa/mlx5: Use write memory barrier after updating CQ index (Eli Cohen) [Orabug: 32480078] \n- vdpa: remove unnecessary default n in Kconfig entries (Stefano Garzarella) [Orabug: 32480078] \n- vhost_vdpa: switch to vmemdup_user() (Tian Tao) [Orabug: 32480078] \n- vhost_vdpa: return -EFAULT if copy_to_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa: mlx5: fix vdpa/vhost dependencies (Randy Dunlap) [Orabug: 32480078] \n- vdpa/mlx5: Setup driver only if VIRTIO_CONFIG_S_DRIVER_OK (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Fix failure to bring link up (Eli Cohen) [Orabug: 32480078] \n- vdpa/mlx5: Make use of a specific 16 bit endianness API (Eli Cohen) [Orabug: 32480078] \n- vdpasim: fix mac_pton undefined error (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: allow to assign a MAC address (Laurent Vivier) [Orabug: 32480078] \n- vdpasim: fix MAC address configuration (Laurent Vivier) [Orabug: 32480078] \n- vdpa: handle irq 
bypass register failure case (Zhu Lingshan) [Orabug: 32480078] \n- vdpa_sim: Fix DMA mask (Laurent Vivier) [Orabug: 32480078] \n- vdpa/mlx5: Fix error return in map_direct_mr() (Jing Xiangfeng) [Orabug: 32480078] \n- vhost_vdpa: Return -EFAULT if copy_from_user() fails (Dan Carpenter) [Orabug: 32480078] \n- vdpa_sim: implement get_iova_range() (Jason Wang) [Orabug: 32480078] \n- vhost: vdpa: report iova range (Jason Wang) [Orabug: 32480078] \n- vdpa: introduce config op to get valid iova range (Jason Wang) [Orabug: 32480078] \n- vhost_vdpa: remove unnecessary spin_lock in vhost_vring_call (Zhu Lingshan) [Orabug: 32480078] \n- vhost_vdpa: Fix duplicate included kernel.h (Tian Tao) [Orabug: 32480078] \n- rds: CONFIG_RDS_DEBUG + tracepoints breaks rds build (Alan Maguire) [Orabug: 32442487] \n- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422450] \n- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422450]\n[5.4.17-2102.200.5]\n- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471659] \n- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32454711] \n- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447284] {CVE-2021-3348}\n- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447185] {CVE-2021-3347}\n- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) 
[Orabug: 32447185] {CVE-2021-3347}\n- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422661] \n- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422661] \n- rds: avoid crash on IB conn path shutdown prepare (Alan Maguire) [Orabug: 32466763] \n- mm/memcontrol: Increase threshold for draining per-cpu stocked bytes (Imran Khan) [Orabug: 32314559]\n[5.4.17-2102.200.4]\n- Revert rds: Deregister all FRWR mr with free_mr (aru kolappan) [Orabug: 32426609] \n- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424704] \n- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424704] \n- KVM: x86: Expose AVX512_FP16 for supported CPUID (Cathy Zhang) [Orabug: 32424461] \n- x86/kvm: Expose TSX Suspend Load Tracking feature (Cathy Zhang) [Orabug: 32424461] \n- x86: Expose SERIALIZE for supported cpuid (Paolo Bonzini) [Orabug: 32424461] \n- KVM: x86: Expose fast short REP MOV for supported cpuid (Zhenyu Wang) [Orabug: 32424461] \n- KVM: x86: Expose AVX512 VP2INTERSECT in cpuid for TGL (Zhenyu Wang) [Orabug: 32424461] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32424461] \n- x86: Enumerate AVX512 FP16 CPUID feature flag (Kyung Min Park) [Orabug: 32424461] \n- EDAC/i10nm: Add Intel Sapphire Rapids server support (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC/i10nm: Use readl() to access MMIO registers (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add DDR5 new memory type (Qiuxu Zhuo) [Orabug: 32424461] \n- EDAC: Add three new memory types (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate ENQCMD and ENQCMDS instructions (Fenghua Yu) [Orabug: 32424461] \n- x86/cpufeatures: Enumerate TSX suspend load address tracking instructions (Kyung Min Park) [Orabug: 32424461] \n- x86/cpufeatures: Add enumeration for SERIALIZE 
instruction (Ricardo Neri) [Orabug: 32424461] \n- x86/split_lock: Enable the split lock feature on Sapphire Rapids and Alder Lake CPUs (Fenghua Yu) [Orabug: 32424461] \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32424461] \n- x86/cpufeatures: Add Architectural LBRs feature bit (Kan Liang) [Orabug: 32424461] \n- powercap: intel_rapl: add support for Sapphire Rapids (Zhang Rui) [Orabug: 32424461] \n- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32424461] \n- EDAC, {skx,i10nm}: Use CPU stepping macro to pass configurations (Qiuxu Zhuo) [Orabug: 32424461] \n- x86/cpu: Add a X86_MATCH_INTEL_FAM6_MODEL_STEPPINGS() macro (Borislav Petkov) [Orabug: 32424461] \n- powercap/intel_rapl: Convert to new X86 CPU match macros (Thomas Gleixner) [Orabug: 32424461] \n- powercap/intel_rapl: add support for TigerLake Mobile (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for JasperLake (Zhang Rui) [Orabug: 32424461] \n- x86/cpufeatures: Add support for fast short REP; MOVSB (Tony Luck) [Orabug: 32424461] \n- powercap/intel_rapl: add support for Cometlake desktop (Zhang Rui) [Orabug: 32424461] \n- powercap/intel_rapl: add support for CometLake Mobile (Zhang Rui) [Orabug: 32424461] \n- crypto: lib/chacha20poly1305 - define empty module exit function (Jason A. 
Donenfeld) [Orabug: 32417868] \n- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381881]\n[5.4.17-2102.200.3]\n- x86/msr: Add a pointer to an URL which contains further details (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Downgrade unrecognized MSR message (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Do not allow writes to MSR_IA32_ENERGY_PERF_BIAS (Borislav Petkov) [Orabug: 32402424] \n- x86/msr: Filter MSR writes (Borislav Petkov) [Orabug: 32402424] \n- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/turbostat: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- tools/power/cpupower: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32402424] \n- scsi: qla2xxx: Fix return of uninitialized value in rval (Colin Ian King) [Orabug: 32401797]\n[5.4.17-2102.200.2]\n- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380823] \n- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380065] \n- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372529] {CVE-2021-20177}\n- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372157] \n- uek-rpm: update kABI lists for new symbol (Dan Duval) [Orabug: 32341061] \n- scsi: qla2xxx: Do not consume srb greedily (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Use constant when it is known (Pavel Machek (CIP)) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_dbg.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in qla_os.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Fix inconsistent format argument type in tcm_qla2xxx.c (Ye Bin) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.103-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Fix point-to-point (N2N) device discovery issue (Arun Easi) [Orabug: 32346794] \n- 
scsi: qla2xxx: Fix reset of MPI firmware (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix MPI reset needed message (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix buffer-buffer credit extraction error (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Correct the check for sscanf() return value (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Update version to 10.02.00.102-k (Nilesh Javali) [Orabug: 32346794] \n- scsi: qla2xxx: Add SLER and PI control support (Saurav Kashyap) [Orabug: 32346794] \n- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Add rport fields in debugfs (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Make tgt_port_database available in initiator mode (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O errors during LIP reset tests (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Performance tweak (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Fix memory size truncation (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Reduce duplicate code in reporting speed (Quinn Tran) [Orabug: 32346794] \n- scsi: qla2xxx: Honor status qualifier in FCP_RSP per spec (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Allow dev_loss_tmo setting for FC-NVMe devices (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Setup debugfs entries for remote ports (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Fix I/O failures during remote port toggle testing (Arun Easi) [Orabug: 32346794] \n- scsi: qla2xxx: Remove unneeded variable rval (Jason Yan) [Orabug: 32346794] \n- scsi: qla2xxx: Handle incorrect entry_type entries (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Log calling function name in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Simplify return value logic in qla2x00_get_sp_from_handle() (Daniel Wagner) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the return value (Xianting Tian) [Orabug: 32346794] \n- scsi: qla2xxx: Fix the size used in a 
dma_free_coherent() call (Christophe JAILLET) [Orabug: 32346794] \n- scsi: qla2xxx: Remove pci-dma-compat wrapper API (Suraj Upadhyay) [Orabug: 32346794] \n- scsi: qla2xxx: Remove superfluous memset() (Li Heng) [Orabug: 32346794] \n- scsi: qla2xxx: Fix regression on sparc64 (Rene Rebe) [Orabug: 32346794] \n- scsi: qla2xxx: Address a set of sparse warnings (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: SAN congestion management implementation (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Change in PUREX to handle FPIN ELS requests (Shyam Sundar) [Orabug: 32346794] \n- scsi: qla2xxx: Introduce a function for computing the debug message prefix (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla2x00_restart_isp() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Fix a Coverity complaint in qla2100_fw_dump() (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make __qla2x00_alloc_iocbs() initialize 32 bits of request_t.handle (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove a superfluous cast (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Initialize n before using it (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Make qla82xx_flash_wait_write_finish() easier to read (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Remove the __packed annotation from struct fcp_hdr and fcp_hdr_le (Bart Van Assche) [Orabug: 32346794] \n- scsi: qla2xxx: Check the size of struct fcp_hdr at compile time (Bart Van Assche) [Orabug: 32346794] \n- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32374281] {CVE-2020-28374}\n- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350973] \n- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32351789]\n[5.4.17-2102.200.1]\n- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32361529] \n- selftests/net: remove rds.h from rds_echo.c (John Donnelly) [Orabug: 32351408] \n- mwifiex: 
Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349202] {CVE-2020-36158}\n- add license checking to kABI checker (Dan Duval) [Orabug: 32355205]\n[5.4.17-2102.200.0]\n- lockd: dont use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337714] \n- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32316504] \n- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32316504] \n- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32316504] \n- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32316504] \n- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32316504] \n- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32316504] \n- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32316504] \n- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32316504] \n- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32316504] \n- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32316504] \n- 
perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32316504] \n- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32316504] \n- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32316504] \n- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32316504] \n- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302135] \n- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260251] {CVE-2020-29569}\n- Revert cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 32295228] \n- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295228] \n- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290042] \n- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290042] \n- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290042] \n- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290042] \n- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290042] \n- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290042] \n- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290042] \n- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290042] \n- iommu/arm-smmu-v3: Dont reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290042] \n- Revert BACKPORT: perf: Add Arm CMN-600 DT binding (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: Add ARM DMC-620 PMU driver. 
(Dave Kleikamp) [Orabug: 32290042] \n- Revert BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (Dave Kleikamp) [Orabug: 32290042] \n- Revert Perf: arm-cmn: Allow irq to be shared. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_cmn: improve and make it work on 2P. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Allow IRQ to be shared among devices. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dsu: Support ACPI mode. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: arm_dmc620: Update ACPI ID. (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 32290042] \n- Revert perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Dave Kleikamp) [Orabug: 32290042] \n- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Add will_handle callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253408] {CVE-2020-29568}\n[5.4.17-2051]\n- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233513] {CVE-2020-14381}\n- uek-rpm: Add nvme-tcp and nvme-rdma to ol7 and ol8 nano kernels (Alan Adamson) [Orabug: 32230382] \n- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218857] \n- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210420] \n- uek-rpm: enable VDPA subsystem and drivers (Si-Wei Liu) [Orabug: 32121107] \n- vdpa/mlx5: Fix dependency on MLX5_CORE (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: should keep avail_index despite device status (Si-Wei Liu) [Orabug: 
32121107] \n- vdpa/mlx5: Avoid warnings about shifts on 32-bit platforms (Nathan Chancellor) [Orabug: 32121107] \n- vdpa/mlx5: fix up endian-ness for mtu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa/mlx5: Fix pointer math in mlx5_vdpa_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa/mlx5: fix memory allocation failure checks (Colin Ian King) [Orabug: 32121107] \n- vdpa/mlx5: Fix uninitialised variable in core/mr.c (Alex Dewar) [Orabug: 32121107] \n- vdpa/mlx5: Add VDPA driver for supported mlx5 devices (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add shared memory registration code (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add support library for mlx5 VDPA implementation (Eli Cohen) [Orabug: 32121107] \n- vdpa/mlx5: Add hardware descriptive header file (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Add interface changes required for VDPA (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Expose vDPA emulation device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add Virtio Emulation related device capabilities (Yishai Hadas) [Orabug: 32121107] \n- net/mlx5: Add VDPA interface type to supported enumerations (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Support setting access rights of dma addresses (Eli Cohen) [Orabug: 32121107] \n- net/mlx5: Provide simplified command interfaces (Leon Romanovsky) [Orabug: 32121107] \n- vhost-vdpa: fix page pinning leakage in error path (rework) (Si-Wei Liu) [Orabug: 32121107] \n- vhost-vdpa: fix vhost_vdpa_map() on error condition (Si-Wei Liu) [Orabug: 32121107] \n- vhost: Dont call log_access_ok() when using IOTLB (Greg Kurz) [Orabug: 32121107] \n- vhost vdpa: fix vhost_vdpa_open error handling (Mike Christie) [Orabug: 32121107] \n- vhost-vdpa: fix backend feature ioctls (Jason Wang) [Orabug: 32121107] \n- vhost: Fix documentation (Eli Cohen) [Orabug: 32121107] \n- vhost-iotlb: fix vhost_iotlb_itree_next() documentation (Stefano Garzarella) [Orabug: 32121107] \n- vdpa: Fix pointer math bug in 
vdpasim_get_config() (Dan Carpenter) [Orabug: 32121107] \n- vdpa_sim: init iommu lock (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: Modify get_vq_state() to return error code (Eli Cohen) [Orabug: 32121107] \n- net/vdpa: Use struct for set/get vq state (Eli Cohen) [Orabug: 32121107] \n- vdpa: remove hard coded virtq num (Max Gurtovoy) [Orabug: 32121107] \n- vdpasim: support batch updating (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support IOTLB batching hints (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: support get/set backend features (Jason Wang) [Orabug: 32121107] \n- vhost: generialize backend features setting/getting (Jason Wang) [Orabug: 32121107] \n- vhost-vdpa: refine ioctl pre-processing (Jason Wang) [Orabug: 32121107] \n- vDPA: dont change vq irq after DRIVER_OK (Zhu Lingshan) [Orabug: 32121107] \n- irqbypass: do not start cons/prod when failed connect (Zhu Lingshan) [Orabug: 32121107] \n- vhost_vdpa: implement IRQ offloading in vhost_vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vDPA: add get_vq_irq() in vdpa_config_ops (Zhu Lingshan) [Orabug: 32121107] \n- kvm: detect assigned device via irqbypass manager (Zhu Lingshan) [Orabug: 32121107] \n- vhost: introduce vhost_vring_call (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: protect concurrent access to iommu iotlb (Max Gurtovoy) [Orabug: 32121107] \n- vhost: vdpa: remove per device feature whitelist (Jason Wang) [Orabug: 32121107] \n- virtio_net: use LE accessors for speed/duplex (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio-iommu: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- drm/virtio: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: convert to LE accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: convert to LE accessors (Michael S. 
Tsirkin) [Orabug: 32121107] \n- virtio_balloon: use LE config space accesses (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: rewrite LE accessors without _Generic (Si-Wei Liu) [Orabug: 32121107] \n- virtio_config: fix up warnings on parisc (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: add virtio_cread_le_feature (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_caif: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: LE config space accessors (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_config: cread/write cleanup (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa_sim: fix endian-ness of config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_vdpa: legacy features handling (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost/vdpa: switch to new helpers (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: make sure set_features is invoked for legacy (Michael S. Tsirkin) [Orabug: 32121107] \n- mlxbf-tmfifo: sparse tags for config access (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_scsi: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_pmem: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_net: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_input: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_gpu: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_fs: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_crypto: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_console: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_blk: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_balloon: correct tags for config space fields (Michael S. 
Tsirkin) [Orabug: 32121107] \n- virtio_9p: correct tags for config space fields (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: allow __virtioXX, __leXX in config space (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio_ring: sparse warning fixup (Michael S. Tsirkin) [Orabug: 32121107] \n- virtio: VIRTIO_F_IOMMU_PLATFORM -> VIRTIO_F_ACCESS_PLATFORM (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: Fix potential underflow in vhost_vdpa_mmap() (Dan Carpenter) [Orabug: 32121107] \n- vdpa: fix typos in the comments for __vdpa_alloc_device() (Jason Wang) [Orabug: 32121107] \n- vhost_vdpa: Support config interrupt in vdpa (Zhu Lingshan) [Orabug: 32121107] \n- vdpasim: Fix some coccinelle warnings (Samuel Zou) [Orabug: 32121107] \n- vhost_vdpa: disable doorbell mapping for !MMU (Michael S. Tsirkin) [Orabug: 32121107] \n- vhost_vdpa: support doorbell mapping via mmap (Jason Wang) [Orabug: 32121107] \n- vdpa: introduce get_vq_notification method (Jason Wang) [Orabug: 32121107] \n- vdpasim: remove unused variable ret (YueHaibing) [Orabug: 32121107] \n- vdpa: fix comment of vdpa_register_device() (Jason Wang) [Orabug: 32121107] \n- vdpa: make vhost, virtio depend on menu (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: allow a 32 bit vq alignment (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpasim: Return status in vdpasim_get_status (YueHaibing) [Orabug: 32121107] \n- vhost: remove set but not used variable status (Jason Yan) [Orabug: 32121107] \n- vhost: vdpa: remove unnecessary null check (Gustavo A. R. Silva) [Orabug: 32121107] \n- vdpa-sim: depend on HAS_DMA (Michael S. Tsirkin) [Orabug: 32121107] \n- vdpa: move to drivers/vdpa (Michael S. 
Tsirkin) [Orabug: 32121107] \n- vdpasim: vDPA device simulator (Jason Wang) [Orabug: 32121107] \n- vhost: introduce vDPA-based backend (Tiwei Bie) [Orabug: 32121107] \n- virtio: introduce a vDPA based transport (Jason Wang) [Orabug: 32121107] \n- vDPA: introduce vDPA bus (Jason Wang) [Orabug: 32121107] \n- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242278] \n- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get sas_device objects using devices rphy (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth 
Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Update hba_ports sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242278] \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242278] \n- kabi: fix issues with slab memory allocator. (Libo Chen) [Orabug: 32119767] \n- mm: memcg/slab: uncharge during kmem_cache_free_bulk() (Bharata B Rao) [Orabug: 32119767] \n- mm: memcg/slab: fix racy access to page->mem_cgroup in mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: fix potential double free in ___cache_free (Shakeel Butt) [Orabug: 32119767] \n- mm: memcontrol: restore proper dirty throttling when memory.high changes (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: avoid workload stalls when lowering memory.high (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to static_branch_likely() in memcg_kmem_enabled() (Roman Gushchin) [Orabug: 32119767] \n- mm: slab: rename (un)charge_slab_page() to (un)account_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove unused argument by charge_slab_page() (Roman Gushchin) [Orabug: 32119767] \n- tools/cgroup: add memcg_slabinfo.py tool (Roman Gushchin) [Orabug: 32119767] \n- kselftests: cgroup: add kernel memory accounting tests (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove redundant check in memcg_accumulate_slabinfo() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate slab_root_caches (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: remove memcg_kmem_get_cache() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: simplify memcg cache 
creation (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use a single set of kmem_caches for all accounted allocations (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: move memcg_kmem_bypass() to memcontrol.h (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: deprecate memory.kmem.slabinfo (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: charge individual slab objects instead of pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: save obj_cgroup for non-root slab objects (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: allocate obj_cgroups for non-root slab pages (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: obj_cgroup API (Roman Gushchin) [Orabug: 32119767] \n- mm: slub: implement SLUB version of obj_to_index() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: convert vmstat slab counters to bytes (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: prepare for byte-sized vmstat items (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg: factor out memcg- and lruvec-level changes out of __mod_lruvec_state() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: make memcg_kmem_enabled() irreversible (Roman Gushchin) [Orabug: 32119767] \n- mm, slab/slub: improve error reporting and overhead of cache_from_obj() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slub: introduce kmem_cache_debug_flags() (Vlastimil Babka) [Orabug: 32119767] \n- mm, slab: fix sign conversion problem in memcg_uncharge_slab() (Waiman Long) [Orabug: 32119767] \n- memcg: fix memcg_kmem_bypass() for remote memcg charging (Zefan Li) [Orabug: 32119767] \n- slub: Remove userspace notifier for cache add/remove (Christoph Lameter) [Orabug: 32119767] \n- mm: kmem: rename (__)memcg_kmem_(un)charge_memcg() to __memcg_kmem_(un)charge() (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: cache page number in memcg_(un)charge_slab() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: switch to nr_pages in (__)memcg_kmem_charge_memcg() (Roman Gushchin) [Orabug: 
32119767] \n- mm: kmem: rename memcg_kmem_(un)charge() into memcg_kmem_(un)charge_page() (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup memcg_kmem_uncharge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: kmem: cleanup (__)memcg_kmem_charge_memcg() arguments (Roman Gushchin) [Orabug: 32119767] \n- mm: memcg/slab: use mem_cgroup_from_obj() (Roman Gushchin) [Orabug: 32119767] \n- mm/slub.c: avoid slub allocation while holding list_lock (Yu Zhao) [Orabug: 32119767] \n- mm: clean up and clarify lruvec lookup procedure (Johannes Weiner) [Orabug: 32119767] \n- mm: memcontrol: try harder to set a new memory.high (Johannes Weiner) [Orabug: 32119767] \n- mm/slub.c: clean up validate_slab() (Yu Zhao) [Orabug: 32119767] \n- Linux 5.4.83 (Greg Kroah-Hartman) \n- Revert geneve: pull IP header before ECN decapsulation (Jakub Kicinski) \n- x86/insn-eval: Use new for_each_insn_prefix() macro to loop over prefixes bytes (Masami Hiramatsu) \n- netfilter: nftables_offload: set address type in control dissector (Pablo Neira Ayuso) \n- netfilter: nf_tables: avoid false-postive lockdep splat (Florian Westphal) \n- Input: i8042 - fix error return code in i8042_setup_aux() (Luo Meng) \n- dm writecache: remove BUG() and fail gracefully instead (Mike Snitzer) \n- i2c: qup: Fix error return code in qup_i2c_bam_schedule_desc() (Zhihao Cheng) \n- rtw88: debug: Fix uninitialized memory in debugfs code (Dan Carpenter) \n- ASoC: wm_adsp: fix error return code in wm_adsp_load() (Luo Meng) \n- tipc: fix a deadlock when flushing scheduled work (Hoang Huu Le) \n- netfilter: ipset: prevent uninit-value in hash_ip6_add (Eric Dumazet) \n- gfs2: check for empty rgrp tree in gfs2_ri_update (Bob Peterson) \n- can: af_can: can_rx_unregister(): remove WARN() statement from list operation sanity check (Oliver Hartkopp) \n- lib/syscall: fix syscall registers retrieval on 32-bit platforms (Willy Tarreau) {CVE-2020-28588}\n- tracing: Fix userstacktrace option for instances (Steven Rostedt 
(VMware)) \n- iommu/amd: Set DTE[IntTabLen] to represent 512 IRTEs (Suravee Suthikulpanit) \n- spi: bcm2835: Release the DMA channel if probe fails after dma_init (Peter Ujfalusi) \n- i2c: imx: Check for I2SR_IAL after every byte (Christian Eggers) \n- i2c: imx: Fix reset of I2SR_IAL flag (Christian Eggers) \n- speakup: Reject setting the speakup line discipline outside of speakup (Samuel Thibault) \n- mm/swapfile: do not sleep with a spin lock held (Qian Cai) \n- mm: list_lru: set shrinker map bit when child nr_items is not zero (Yang Shi) \n- coredump: fix core_pattern parse error (Menglong Dong) \n- x86/uprobes: Do not use prefixes.nbytes when looping over prefixes.bytes (Masami Hiramatsu) \n- dm: remove invalid sparse __acquires and __releases annotations (Mike Snitzer) \n- dm: fix bug with RCU locking in dm_blk_report_zones (Sergei Shtepa) \n- powerpc/pseries: Pass MSI affinity to irq_create_mapping() (Laurent Vivier) \n- genirq/irqdomain: Add an irq_create_mapping_affinity() function (Laurent Vivier) \n- powerpc/64s/powernv: Fix memory corruption when saving SLB entries on MCE (Nicholas Piggin) \n- dm writecache: fix the maximum number of arguments (Mikulas Patocka) \n- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) \n- drm/i915/gt: Program mocs:63 for cache eviction on gen9 (Chris Wilson) \n- thunderbolt: Fix use-after-free in remove_unplugged_switch() (Mika Westerberg) \n- i2c: imx: Dont generate STOP condition if arbitration has been lost (Christian Eggers) \n- cifs: fix potential use-after-free in cifs_echo_request() (Paulo Alcantara) \n- cifs: allow syscalls to be restarted in __smb_send_rqst() (Paulo Alcantara) \n- ftrace: Fix updating FTRACE_FL_TRAMP (Naveen N. 
Rao) \n- ALSA: hda/generic: Add option to enforce preferred_dacs pairs (Takashi Iwai) \n- ALSA: hda/realtek - Add new codec supported for ALC897 (Kailang Yang) \n- ALSA: hda/realtek: Enable headset of ASUS UX482EG & B9400CEA with ALC294 (Jian-Hong Pan) \n- ALSA: hda/realtek: Add mute LED quirk to yet another HP x360 model (Takashi Iwai) \n- ALSA: hda/realtek: Fix bass speaker DAC assignment on Asus Zephyrus G14 (Takashi Iwai) \n- tty: Fix ->session locking (Jann Horn) \n- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) \n- USB: serial: option: fix Quectel BG96 matching (Bjorn Mork) \n- USB: serial: option: add support for Thales Cinterion EXS82 (Giacinto Cifelli) \n- USB: serial: option: add Fibocom NL668 variants (Vincent Palatin) \n- USB: serial: ch341: sort device-id entries (Johan Hovold) \n- USB: serial: ch341: add new Product ID for CH341A (Jan-Niklas Burfeind) \n- USB: serial: kl5kusb105: fix memleak on open (Johan Hovold) \n- usb: gadget: f_fs: Use local copy of descriptors for userspace copy (Vamsi Krishna Samavedam) \n- Partially revert bpf: Zero-fill re-used per-cpu map element (Sasha Levin) \n- pinctrl: baytrail: Fix pin being driven low for a while on gpiod_get(..., GPIOD_OUT_HIGH) (Hans de Goede) \n- pinctrl: baytrail: Replace WARN with dev_info_once when setting direct-irq pin to output (Hans de Goede) \n- Linux 5.4.82 (Greg Kroah-Hartman) \n- RDMA/i40iw: Address an mmap handler exploit in i40iw (Shiraz Saleem) \n- tracing: Remove WARN_ON in start_thread() (Vasily Averin) \n- Input: i8042 - add ByteSpeed touchpad to noloop table (Po-Hsu Lin) \n- Input: xpad - support Ardwiino Controllers (Sanjay Govind) \n- ALSA: usb-audio: US16x08: fix value count for level meters (Hector Martin) \n- net/mlx5: Fix wrong address reclaim when command interface is down (Eran Ben Elisha) \n- net/mlx5: DR, Proper handling of unsupported Connect-X6DX SW steering (Yevgeny Kliteynik) \n- net/sched: act_mpls: ensure LSE is pullable before reading it (Davide Caratti) \n- 
net: openvswitch: ensure LSE is pullable before reading it (Davide Caratti) \n- net: skbuff: ensure LSE is pullable before decrementing the MPLS ttl (Davide Caratti) \n- net: mvpp2: Fix error return code in mvpp2_open() (Wang Hai) \n- chelsio/chtls: fix a double free in chtls_setkey() (Dan Carpenter) \n- vxlan: fix error return code in __vxlan_dev_create() (Zhang Changzhong) \n- net: pasemi: fix error return code in pasemi_mac_open() (Zhang Changzhong) \n- cxgb3: fix error return code in t3_sge_alloc_qset() (Zhang Changzhong) \n- net/x25: prevent a couple of overflows (Dan Carpenter) \n- net: ip6_gre: set dev->hard_header_len when using header_ops (Antoine Tenart) \n- geneve: pull IP header before ECN decapsulation (Eric Dumazet) \n- inet_ecn: Fix endianness of checksum update when setting ECT(1) (Toke Hoiland-Jorgensen) \n- ibmvnic: Fix TX completion error handling (Thomas Falcon) \n- ibmvnic: Ensure that SCRQ entry reads are correctly ordered (Thomas Falcon) \n- chelsio/chtls: fix panic during unload reload chtls (Vinay Kumar Yadav) \n- dt-bindings: net: correct interrupt flags in examples (Krzysztof Kozlowski) \n- ipv4: Fix tos mask in inet_rtm_getroute() (Guillaume Nault) \n- netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) \n- sched/fair: Fix unthrottle_cfs_rq() for leaf_cfs_rq list (Vincent Guittot) \n- ima: extend boot_aggregate with kernel measurements (Maurizio Drocco) \n- staging/octeon: fix up merge error (Randy Dunlap) \n- bonding: wait for sysfs kobject destruction before freeing struct slave (Jamie Iles) \n- usbnet: ipheth: fix connectivity with iOS 14 (Yves-Alexis Perez) \n- tun: honor IOCB_NOWAIT flag (Jens Axboe) \n- tcp: Set INET_ECN_xmit configuration in tcp_reinit_congestion_control (Alexander Duyck) \n- sock: set sk_err to ee_errno on dequeue from errq (Willem de Bruijn) \n- rose: Fix Null pointer dereference in rose_send_frame() (Anmol Karn) \n- net/tls: Protect from calling tls_dev_del for TLS RX 
twice (Maxim Mikityanskiy) \n- net/tls: missing received data after fast remote close (Vadim Fedorenko) \n- net/af_iucv: set correct sk_protocol for child sockets (Julian Wiedmann) \n- ipv6: addrlabel: fix possible memory leak in ip6addrlbl_net_init (Wang Hai) \n- devlink: Hold rtnl lock while reading netdev attributes (Parav Pandit)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2021-03-31T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14381", "CVE-2020-25639", "CVE-2020-27170", "CVE-2020-27171", "CVE-2020-28374", "CVE-2020-28588", "CVE-2020-29568", "CVE-2020-29569", "CVE-2020-36158", "CVE-2021-20177", "CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932", "CVE-2021-27363", "CVE-2021-27364", "CVE-2021-27365", "CVE-2021-3347", "CVE-2021-3348", "CVE-2021-3444"], "modified": "2021-03-31T00:00:00", "id": "ELSA-2021-9140", "href": "http://linux.oracle.com/errata/ELSA-2021-9140.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "fedora": [{"lastseen": "2021-07-28T14:46:52", "description": "The 
kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-26T23:55:43", "type": "fedora", "title": "[SECURITY] Fedora 33 Update: kernel-5.10.18-200.fc33", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-26T23:55:43", "id": "FEDORA:38CB530B1D04", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GWQWPWYZRXVFJI5M3VCM72X27IB7CKOB/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:46:52", "description": "The kernel meta package ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-02-26T23:36:07", "type": "fedora", "title": "[SECURITY] Fedora 32 
Update: kernel-5.10.18-100.fc32", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26930", "CVE-2021-26931", "CVE-2021-26932"], "modified": "2021-02-26T23:36:07", "id": "FEDORA:14B79306C927", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2XQR52ICKRK3GC4HDWLMWF2U55YGAR63/", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "citrix": [{"lastseen": "2022-06-13T14:30:24", "description": "<section class=\"article-content\" data-swapid=\"ArticleContent\">\n<div class=\"content-block\" data-swapid=\"ContentBlock\"><h2>Description of Problem</h2>\n<p>Several security issues have been identified that, collectively, may allow privileged code running in a guest VM to cause the host to crash or to become unresponsive.<br/><br/>These issues have the following CVE identifiers:</p>\n<table>\n<tbody>\n<tr>\n<td colspan=\"1\" rowspan=\"1\">CVE ID</td>\n<td colspan=\"1\" rowspan=\"1\">Description</td>\n<td colspan=\"1\" rowspan=\"1\">Vulnerability Type</td>\n<td colspan=\"1\" rowspan=\"1\">Pre-conditions</td>\n</tr>\n<tr>\n<td colspan=\"1\" rowspan=\"1\"> <p>CVE-2021-26930</p> </td>\n<td colspan=\"1\" ro