Description
There are two RetBleed vulnerabilities. This article applies to CVE-2022-29900. For information about CVE-2022-29901, refer to the following article:
[K83713003: RetBleed CPU vulnerability CVE-2022-29901](<https://support.f5.com/csp/article/K83713003>)
Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. ([CVE-2022-29900](<https://vulners.com/cve/CVE-2022-29900>))
Impact
There is no impact; F5 products are not affected by this vulnerability.
Related
{"id": "F5:K57185580", "vendorId": null, "type": "f5", "bulletinFamily": "software", "title": "RetBleed CPU vulnerability CVE-2022-29900", "description": "There are two RetBleed vulnerabilities. This article applies to CVE-2022-29900. For information about CVE-2022-29901, refer to the following article:\n\n[K83713003: RetBleed CPU vulnerability CVE-2022-29901](<https://support.f5.com/csp/article/K83713003>)\n\nMis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. ([CVE-2022-29900](<https://vulners.com/cve/CVE-2022-29900>))\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "published": "2022-08-02T19:10:00", "modified": "2022-08-02T19:10:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 2.0, "impactScore": 4.0}, "href": "https://support.f5.com/csp/article/K57185580", "reporter": "f5", "references": [], "cvelist": ["CVE-2022-29900", "CVE-2022-29901"], "immutableFields": [], "lastseen": "2023-02-08T15:55:44", "viewCount": 162, "enchantments": {"score": {"value": 3.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:7110"]}, {"type": "amazon", "idList": ["ALAS2-2022-1838"]}, {"type": "amd", "idList": ["AMD-SB-1037"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "citrix", "idList": ["CTX461397"]}, {"type": "cve", "idList": ["CVE-2022-29900", "CVE-2022-29901"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3245-1:5D45B", "DEBIAN:DSA-5184-1:CABB7", "DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-29900", "DEBIANCVE:CVE-2022-29901"]}, {"type": "f5", "idList": ["F5:K83713003"]}, {"type": "fedora", "idList": ["FEDORA:3622F307260C", "FEDORA:3E0893021FB2", "FEDORA:79262304C76D", "FEDORA:E6CE83084966"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00702"]}, {"type": "mageia", "idList": ["MGASA-2022-0278", "MGASA-2022-0279"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-125.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_4-2022-037.NASL", "ALMA_LINUX_ALSA-2022-7110.NASL", "ALMA_LINUX_ALSA-2022-7134.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3245.NASL", "DEBIAN_DSA-5184.NASL", "DEBIAN_DSA-5207.NASL", "F5_BIGIP_SOL83713003.NASL", "FEDORA_2022-C69EF9C1DD.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "ORACLELINUX_ELSA-2022-7110.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9590.NASL", "ORACLELINUX_ELSA-2022-9591.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "REDHAT-RHSA-2022-7110.NASL", "REDHAT-RHSA-2022-7134.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "REDHAT-RHSA-2022-8973.NASL", "REDHAT-RHSA-2022-8974.NASL", "ROCKY_LINUX_RLSA-2022-7110.NASL", "ROCKY_LINUX_RLSA-2022-7134.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SUSE_SU-2022-2376-1.NASL", "SUSE_SU-2022-2377-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2382-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2557-1.NASL", "SUSE_SU-2022-2560-1.NASL", "SUSE_SU-2022-2569-1.NASL", "SUSE_SU-2022-2574-1.NASL", "SUSE_SU-2022-2591-1.NASL", "SUSE_SU-2022-2597-1.NASL", "SUSE_SU-2022-2599-1.NASL", "SUSE_SU-2022-2600-1.NASL", "SUSE_SU-2022-2601-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-4616-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5728-1.NASL", "UBUNTU_USN-5728-2.NASL", "UBUNTU_USN-5728-3.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-7110", "ELSA-2022-7337", "ELSA-2022-8267", "ELSA-2022-9590", "ELSA-2022-9591", "ELSA-2022-9709", "ELSA-2022-9710"]}, {"type": "osv", "idList": ["OSV:CVE-2022-29900", "OSV:DLA-3102-1", "OSV:DLA-3245-1", "OSV:DSA-5184-1", "OSV:DSA-5207-1"]}, {"type": "photon", "idList": ["PHSA-2022-0248"]}, {"type": "redhat", "idList": ["RHSA-2022:6882", "RHSA-2022:7110", "RHSA-2022:7134", "RHSA-2022:7201", "RHSA-2022:7276", "RHSA-2022:7313", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7434", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8973", "RHSA-2022:8974"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-23816", "RH:CVE-2022-23824", "RH:CVE-2022-29900", "RH:CVE-2022-29901"]}, {"type": "rocky", "idList": ["RLSA-2022:7110", "RLSA-2022:7134"]}, {"type": "slackware", "idList": ["SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2422-1", "OPENSUSE-SU-2022:2549-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2424-2", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2597-1", "SUSE-SU-2022:2599-1", "SUSE-SU-2022:2599-2", "SUSE-SU-2022:2615-1"]}, {"type": "thn", "idList": ["THN:83DDF7EA5627F196DA7F3A5DB2F32A06"]}, {"type": "ubuntu", "idList": ["USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5728-1", "USN-5728-2", "USN-5728-3"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-29900", "UB:CVE-2022-29901"]}, {"type": "veracode", "idList": ["VERACODE:36361", "VERACODE:37864"]}, {"type": "vmware", "idList": ["VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-407"]}]}, "affected_software": {"major_version": []}, "epss": [{"cve": "CVE-2022-29900", "epss": "0.000460000", "percentile": "0.127960000", "modified": "2023-03-19"}, {"cve": "CVE-2022-29901", "epss": "0.000870000", "percentile": "0.351460000", "modified": "2023-03-19"}], "vulnersScore": 3.3}, "_state": {"score": 1675872124, "dependencies": 1675871889, "affected_software_major_version": 0, "epss": 1679302705}, "_internal": {"score_hash": "d547f97666ab942389fc15624057d408"}, "affectedSoftware": []}
{"f5": [{"lastseen": "2023-02-08T15:55:43", "description": "There are two RetBleed vulnerabilities. This article applies to CVE-2022-29901. For information about CVE-2022-29900 refer to the following article:\n\n[K57185580: RetBleed CPU vulnerability CVE-2022-29900](<https://support.f5.com/csp/article/K57185580>)\n\nIntel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. ([CVE-2022-29901](<https://vulners.com/cve/CVE-2022-29901>))\n\nImpact\n\nA local authenticated attacker can exploit the Intel vulnerability to allow information disclosure. Only the VELOS BX110 platform is vulnerable.\n\nFor more information refer to [Hardware Knowledge Centers](<https://support.f5.com/csp/knowledge-center/hardware>).\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-02T19:09:00", "type": "f5", "title": "RetBleed CPU vulnerability CVE-2022-29901", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-08-02T19:10:00", "id": "F5:K83713003", "href": "https://support.f5.com/csp/article/K83713003", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "thn": [{"lastseen": "2022-07-14T09:58:31", "description": "[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEj99hURM7p8UjuvAPRUCPZEYm50BKJ3LJ8CUqoqkTVh28vJ-Sbbgu5VZ5sRZdmw3XxjwNRHVeWSjwiQzJuTzu8vHEQQWoyVAhDO0GxtAYTCybsDVFFDnYWGJteRJlmrv2qcHafQX88lBxzIvl28XHy4aRqIDv6CU-w3qxGkWP0joupgmUhpEc1RVHTM/s728-e100/intel-amd.jpg>)\n\nSecurity researchers have uncovered yet another vulnerability affecting numerous older AMD and Intel microprocessors that could bypass current defenses and result in Spectre-based speculative-execution attacks.\n\nDubbed [**Retbleed**](<https://comsec.ethz.ch/research/microarch/retbleed/>) by ETH Zurich researchers Johannes Wikner and Kaveh Razavi, the issue is tracked as CVE-2022-29900 (AMD) and CVE-2022-29901 (Intel), with the chipmakers [releasing](<https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1037>) [software](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00707.html>) [mitigations](<https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00702.html>) as part of a coordinated disclosure process.\n\nRetbleed is also the latest addition to a class of [Spectre attacks](<https://thehackernews.com/2022/03/new-exploit-bypasses-existing-spectre.html>) known as Spectre-BTI (CVE-2017-5715 or Spectre-V2), which exploit the side effects of an optimization technique called [speculative execution](<https://en.wikipedia.org/wiki/Speculative_execution>) by means of a timing side channel to trick a program into accessing arbitrary locations in its memory space and leak private information.\n\nSpeculative execution attempts to fill the instruction pipeline of a program by predicting which instruction will be executed next in order to gain a performance boost, while also undoing the results of the execution should the guess turn out to be wrong.\n\nAttacks like Spectre take advantage of the fact that these erroneously executed instructions \u2014 a result of the misprediction \u2014 are bound to leave traces of the execution in the cache, resulting in a scenario where a rogue program can trick the processor into executing incorrect code paths and infer secret data pertaining to the victim.\n\nPut differently, Spectre is an instance of transient execution attack, which relies on hardware design flaws to \"influence\" which instruction sequences are speculatively executed and leak encryption keys or passwords from within the victim's memory address space.\n\nThis, in turn, is achieved through microarchitectural side channels like [Flush+Reload](<https://thehackernews.com/2021/03/malware-can-exploit-new-flaw-in-intel.html>) that measures the time taken to perform memory reads from the cache that's shared with the victim, but not before flushing some of the shared memory, resulting in either fast or slow reads depending on whether the victim accessed the monitored cache line since it was evicted.\n\nWhile safeguards like [Retpoline](<https://support.google.com/faqs/answer/7625886>) (aka \"return trampoline\") have been devised to prevent branch target injection (BTI), Retbleed is designed to get around this countermeasure and achieve speculative code execution.\n\n[](<https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEjuvPfcMasWqq8m44rpc9wEUeLn8SVWAZLQlb5Z-GgdtlckaC3av10GASed_W6E0GsfDqgG2CvWDkk0uPhRIWVnq2g0SqyH9W5tmQBKNQ2KwbIQtldvVe9pYgIFVaeQmpspUatO0L2vKlpUShxLN-YXUJoqlMGjBIuxJLmYEa-rxa17-8dJnOEWk8Uz/s728-e100/cpu.jpg>)\n\n\"[Retpolines](<https://www.intel.com/content/dam/develop/external/us/en/documents/retpoline-a-branch-target-injection-mitigation.pdf>) work by replacing indirect jumps [branches where the branch target is determined at runtime] and calls with returns,\" the researchers explained.\n\n\"Retbleed aims to hijack a return instruction in the kernel to gain arbitrary speculative code execution in the kernel context. With sufficient control over registers and/or memory at the victim return instruction, the attacker can leak arbitrary kernel data.\"\n\nThe core idea, in a nutshell, is to treat [return instructions](<https://en.wikipedia.org/wiki/Return_statement>) as an attack vector for speculation execution and force the statements to be predicted like indirect branches, effectively undoing protections offered by Retpoline.\n\nAs a new line of defense, AMD has introduced what's referred to as [Jmp2Ret](<https://www.amd.com/system/files/documents/technical-guidance-for-mitigating-branch-type-confusion_v7_20220712.pdf>), while Intel has [recommended](<https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/return-stack-buffer-underflow.html>) using enhanced Indirect Branch Restricted Speculation ([eIBRS](<https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/indirect-branch-restricted-speculation.html>)) to address the potential vulnerability even if Retpoline mitigations are in place.\n\n\"Windows operating system uses IBRS by default, so no update is required,\" Intel said in an advisory, noting it worked with the Linux community to make available software updates for the shortcoming.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.6, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-07-13T14:22:00", "type": "thn", "title": "New 'Retbleed' Speculative Execution Attack Affects AMD and Intel CPUs", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-5715", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-07-14T08:42:28", "id": "THN:83DDF7EA5627F196DA7F3A5DB2F32A06", "href": "https://thehackernews.com/2022/07/new-retbleed-speculative-execution.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-02-12T15:33:55", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-125)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36123"], "modified": "2022-09-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-28.127", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python3-perf", "p-cpe:/a:amazon:linux:python3-perf-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-125.NASL", "href": "https://www.tenable.com/plugins/nessus/164742", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-125.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164742);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/06\");\n\n script_cve_id(\"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-125)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This\n allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36123.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update kernel --releasever=2022.0.20220810' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-28.127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2022-2022-125\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.57-28.127-1.0-0.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.57-28.127-1.0-0.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-12T17:19:43", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c69ef9c1dd advisory.\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - AMD: CVE-2022-23825 AMD CPU Branch Type Confusion (CVE-2022-23825)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "Fedora 36 : kernel (2022-c69ef9c1dd)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2022-C69EF9C1DD.NASL", "href": "https://www.tenable.com/plugins/nessus/163090", "sourceData": "##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-c69ef9c1dd\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163090);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"FEDORA\", value:\"2022-c69ef9c1dd\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Fedora 36 : kernel (2022-c69ef9c1dd)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-c69ef9c1dd advisory.\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - AMD: CVE-2022-23825 AMD CPU Branch Type Confusion (CVE-2022-23825)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-c69ef9c1dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29901\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29900\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2022-c69ef9c1dd');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-5.18.11-200.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-25T08:42:32", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5565-1 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5565-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k"], "id": "UBUNTU_USN-5565-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164034", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5565-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164034);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"USN\", value:\"5565-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5565-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5565-1 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5565-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)\" : \"5.15.0-46\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5565-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5565-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-12T20:38:00", "description": "The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K83713003 advisory.\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-02T00:00:00", "type": "nessus", "title": "F5 Networks BIG-IP : RetBleed CPU vulnerability (K83713003)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-29901"], "modified": "2022-08-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_access_policy_manager", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_wan_optimization_manager", "cpe:/h:f5:big-ip_protocol_security_manager", "cpe:/h:f5:big-ip"], "id": "F5_BIGIP_SOL83713003.NASL", "href": "https://www.tenable.com/plugins/nessus/163734", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from F5 Networks BIG-IP Solution K83713003.\n#\n# @NOAGENT@\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163734);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/08/02\");\n\n script_cve_id(\"CVE-2022-29901\");\n\n script_name(english:\"F5 Networks BIG-IP : RetBleed CPU vulnerability (K83713003)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by\na vulnerability as referenced in the K83713003 advisory.\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.f5.com/csp/article/K83713003\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5 Solution K83713003.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/02\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_wan_optimization_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip_protocol_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\", \"Settings/ParanoidReport\");\n\n exit(0);\n}\n\n\ninclude('f5_func.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar version = get_kb_item('Host/BIG-IP/version');\nif ( ! version ) audit(AUDIT_OS_NOT, 'F5 Networks BIG-IP');\nif ( isnull(get_kb_item('Host/BIG-IP/hotfix')) ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/hotfix');\nif ( ! get_kb_item('Host/BIG-IP/modules') ) audit(AUDIT_KB_MISSING, 'Host/BIG-IP/modules');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\nvar sol = 'K83713003';\nvar vmatrix = {\n 'AFM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'APM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'ASM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'GTM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'LTM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'PEM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'PSM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n },\n 'WOM': {\n 'affected': [\n '15.1.4-15.1.6','14.1.4.1-14.1.5'\n ],\n }\n};\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n var extra = NULL;\n if (report_verbosity > 0) extra = bigip_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n}\nelse\n{\n var tested = bigip_get_tested_modules();\n var audit_extra = 'For BIG-IP module(s) ' + tested + ',';\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, 'running any of the affected modules');\n}\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-06T16:17:03", "description": "The version of kernel installed on the remote host is prior to 5.4.217-126.408. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-037 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system, resulting in a denial of service condition (CVE-2022-3303)\n\n - An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. (CVE-2022-39842)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-037)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-2602", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-3303", "CVE-2022-39842"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-037.NASL", "href": "https://www.tenable.com/plugins/nessus/166494", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-037.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166494);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2022-2602\",\n \"CVE-2022-3303\",\n \"CVE-2022-23816\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-39842\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-037)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.217-126.408. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-037 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead\n to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or\n member of the audio group) could use this flaw to crash the system, resulting in a denial of service\n condition (CVE-2022-3303)\n\n - An issue was discovered in the Linux kernel before 5.19. In pxa3xx_gcu_write in\n drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an\n integer overflow and bypassing the size check. After that, because it is used as the third argument to\n copy_from_user(), a heap overflow may occur. (CVE-2022-39842)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-037.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23816.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2602.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-3303.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-39842.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-2602\", \"CVE-2022-3303\", \"CVE-2022-23816\", \"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-39842\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-037\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.217-126.408.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.217-126.408.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.217-126.408.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T00:36:28", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7337 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2022-7337)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-7337.NASL", "href": "https://www.tenable.com/plugins/nessus/166937", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7337.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166937);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2022-7337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7337 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7337.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.80.1.0.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7337');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.80.1.0.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T00:35:48", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7338 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2022:7338)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm"], "id": "REDHAT-RHSA-2022-7338.NASL", "href": "https://www.tenable.com/plugins/nessus/166878", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7338. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166878);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7338\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2022:7338)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7338 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-26373', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7338');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-25T00:45:32", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7337 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:7337)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-7337.NASL", "href": "https://www.tenable.com/plugins/nessus/166885", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7337. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166885);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7337\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:7337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7337 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-26373', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7337');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.80.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-25T17:07:48", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7337-1 advisory.\n\n - a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-10T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:7337)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"], "id": "SL_20221103_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/167258", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167258);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2022:7337\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:7337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2022:7337-1 advisory.\n\n - a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20227337-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23825\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Scientific Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.80.1.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-08T10:49:16", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7134 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:7134)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-kvm:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-rt-modules-extra:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2022-7134.NASL", "href": "https://www.tenable.com/plugins/nessus/166473", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7134. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166473);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7134\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:7134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7134 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7134');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-02-08T00:41:29", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7110 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:7110)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:2.3:o:redhat:enterprise_linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-tools-libs-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-cross-headers:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:python3-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:redhat:enterprise_linux:kernel-abi-stablelists:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_aus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_e4s:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_eus:8.6:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:rhel_tus:8.6:*:*:*:*:*:*:*"], "id": "REDHAT-RHSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/166478", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7110. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166478);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7110\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7110 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7110');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-25T10:36:47", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-28T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:7110)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos", "cpe:/o:alma:linux:8::powertools"], "id": "ALMA_LINUX_ALSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/166675", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7110.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166675);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7110\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7110.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::powertools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7110');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-25T06:54:44", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7110 advisory.\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-7110)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/166553", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7110.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166553);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7110 advisory.\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7110.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-372.32.1.0.1.el8_6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7110');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.0.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-25T08:46:44", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel-rt (ALSA-2022:7134)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::nfv", "cpe:/o:alma:linux:8::realtime"], "id": "ALMA_LINUX_ALSA-2022-7134.NASL", "href": "https://www.tenable.com/plugins/nessus/166523", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7134.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166523);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7134\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 8 : kernel-rt (ALSA-2022:7134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7134.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7134');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-03-21T22:36:52", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel-rt (RLSA-2022:7134)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:kernel-rt", "p-cpe:/a:rocky:linux:kernel-rt-core", "p-cpe:/a:rocky:linux:kernel-rt-debug", "p-cpe:/a:rocky:linux:kernel-rt-debug-core", "p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debug-devel", "p-cpe:/a:rocky:linux:kernel-rt-debug-kvm", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-rt-devel", "p-cpe:/a:rocky:linux:kernel-rt-kvm", "p-cpe:/a:rocky:linux:kernel-rt-modules", "p-cpe:/a:rocky:linux:kernel-rt-modules-extra", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7134.NASL", "href": "https://www.tenable.com/plugins/nessus/167807", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7134.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167807);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7134\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Rocky Linux 8 : kernel-rt (RLSA-2022:7134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2022:7134');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-debuginfo-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-common-x86_64-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-03-21T22:35:59", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel (RLSA-2022:7110)", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:bpftool", "p-cpe:/a:rocky:linux:bpftool-debuginfo", "p-cpe:/a:rocky:linux:kernel", "p-cpe:/a:rocky:linux:kernel-abi-stablelists", "p-cpe:/a:rocky:linux:kernel-core", "p-cpe:/a:rocky:linux:kernel-cross-headers", "p-cpe:/a:rocky:linux:kernel-debug", "p-cpe:/a:rocky:linux:kernel-debug-core", "p-cpe:/a:rocky:linux:kernel-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-debug-devel", "p-cpe:/a:rocky:linux:kernel-debug-modules", "p-cpe:/a:rocky:linux:kernel-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-debuginfo", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-devel", "p-cpe:/a:rocky:linux:kernel-headers", "p-cpe:/a:rocky:linux:kernel-modules", "p-cpe:/a:rocky:linux:kernel-modules-extra", "p-cpe:/a:rocky:linux:kernel-tools", "p-cpe:/a:rocky:linux:kernel-tools-debuginfo", "p-cpe:/a:rocky:linux:kernel-tools-libs", "p-cpe:/a:rocky:linux:kernel-tools-libs-devel", "p-cpe:/a:rocky:linux:perf", "p-cpe:/a:rocky:linux:perf-debuginfo", "p-cpe:/a:rocky:linux:python3-perf", "p-cpe:/a:rocky:linux:python3-perf-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/167817", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7110.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167817);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7110\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Rocky Linux 8 : kernel (RLSA-2022:7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2022:7110');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-01-26T04:17:33", "description": "The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3102 advisory.\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-12T00:00:00", "type": "nessus", "title": "Debian DLA-3102-1 : linux-5.10 - LTS security update", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:linux-config-5.10", "p-cpe:/a:debian:debian_linux:linux-doc-5.10", "p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-686", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-armmp", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-cloud-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-cloud-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-common", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-common-rt", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-686-pae", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-amd64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-arm64", "p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-i386-signed-template", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-lpae", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-lpae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-686-pae-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-686-pae-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-amd64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-amd64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-arm64-dbg", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-arm64-unsigned", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-armmp", "p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-armmp-dbg", "p-cpe:/a:debian:debian_linux:linux-kbuild-5.10", "p-cpe:/a:debian:debian_linux:linux-perf-5.10", "p-cpe:/a:debian:debian_linux:linux-source-5.10", "p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.17", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DLA-3102.NASL", "href": "https://www.tenable.com/plugins/nessus/164947", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dla-3102. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164947);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"Debian DLA-3102-1 : linux-5.10 - LTS security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndla-3102 advisory.\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux-5.10\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/lts/security/2022/dla-3102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/buster/linux-5.10\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux-5.10 packages.\n\nFor Debian 10 buster, these problems have been fixed in version 5.10.136-1~deb10u3.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-cloud-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-0.deb10.17-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-cloud-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-0.deb10.17-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-0.deb10.17\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(10)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 10.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '10.0', 'prefix': 'linux-config-5.10', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-doc-5.10', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10-armmp-lpae', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10-rt-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-686', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-686-pae', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-amd64', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-arm64', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-armmp-lpae', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-cloud-amd64', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-cloud-arm64', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-common', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-common-rt', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-rt-686-pae', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-rt-amd64', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-rt-arm64', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-headers-5.10.0-0.deb10.17-rt-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-686-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-686-pae-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-amd64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-amd64-signed-template', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-arm64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-arm64-signed-template', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-armmp-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-armmp-lpae', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-armmp-lpae-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-cloud-amd64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-cloud-arm64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-i386-signed-template', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-rt-686-pae-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-rt-amd64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-rt-arm64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-rt-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10-rt-armmp-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-686-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-686-pae-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-686-pae-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-686-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-amd64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-amd64-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-arm64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-arm64-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-armmp-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-armmp-lpae', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-armmp-lpae-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-cloud-amd64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-cloud-amd64-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-cloud-arm64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-cloud-arm64-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-686-pae-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-686-pae-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-amd64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-amd64-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-arm64-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-arm64-unsigned', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-armmp', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-image-5.10.0-0.deb10.17-rt-armmp-dbg', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-kbuild-5.10', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-perf-5.10', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-source-5.10', 'reference': '5.10.136-1~deb10u3'},\n {'release': '10.0', 'prefix': 'linux-support-5.10.0-0.deb10.17', 'reference': '5.10.136-1~deb10u3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'linux-config-5.10 / linux-doc-5.10 / linux-headers-5.10-armmp / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-25T16:30:25", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5207 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "Debian DSA-5207-1 : linux - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-libc-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usbip:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:hyperv-daemons:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcpupower-dev:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:libcpupower1:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-cpupower:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-amd64-signed-template:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-arm64-signed-template:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-i386-signed-template:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:bpftool:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-compiler-gcc-10-arm:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-compiler-gcc-10-s390:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-compiler-gcc-10-x86:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-config-5.10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-doc-5.10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-4kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-armmp-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-loongson-3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-marvell:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-octeon:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-powerpc64le:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-rpi:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-rt-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-s390x:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-4kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-4kc-malta-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5kc-malta-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-686-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-686-pae-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-amd64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-arm64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-armmp-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-armmp-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-armmp-lpae-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-cloud-amd64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-cloud-arm64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-loongson-3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-loongson-3-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-marvell:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-marvell-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-octeon:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-octeon-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-powerpc64le:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-powerpc64le-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rpi:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rpi-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rt-686-pae-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rt-amd64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rt-arm64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rt-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-rt-armmp-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-s390x:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-s390x-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-kbuild-5.10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-perf:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-perf-5.10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-source-5.10:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:dasd-extra-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:dasd-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:efi-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fancontrol-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:firewire-core-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:firewire-core-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:hypervisor-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ipv6-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jffs2-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:leds-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:leds-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-core-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-core-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-core-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nfs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:rtc-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:serial-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:speakup-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:uinput-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:uinput-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:uinput-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-13-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-13-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-13-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-13-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-13-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-13-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:affs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ata-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:btrfs-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:cdrom-core-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crc-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-dm-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:crypto-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:dasd-extra-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:dasd-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:efi-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:event-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ext4-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:f2fs-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fancontrol-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fat-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fb-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:firewire-core-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:firewire-core-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:fuse-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:hypervisor-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:i2c-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:input-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ipv6-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:isofs-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jffs2-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:jfs-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:kernel-image-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:leds-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:leds-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-4kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-5kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-686:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-686-pae:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-amd64:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-arm64:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-armmp-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-cloud-amd64:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-cloud-arm64:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-common:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-common-rt:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-loongson-3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-marvell:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-octeon:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-powerpc64le:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-rpi:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-rt-686-pae:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-rt-amd64:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-rt-arm64:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-rt-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-headers-5.10.0-13-s390x:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-686-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-686-pae-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-686-pae-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-686-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-amd64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-amd64-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-arm64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-arm64-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-armmp-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-loongson-3:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-loongson-3-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-marvell:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-marvell-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-octeon:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-octeon-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rpi:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rpi-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-unsigned:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-s390x:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-image-5.10.0-13-s390x-dbg:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:linux-support-5.10.0-13:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:loop-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:md-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:minix-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-core-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-core-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-core-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mmc-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mouse-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-core-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:mtd-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:multipath-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nbd-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nfs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-shared-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-usb-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:nic-wireless-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:pata-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ppp-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:rtc-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sata-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-core-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:scsi-nic-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:serial-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:sound-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:speakup-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:squashfs-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:udf-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:uinput-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:uinput-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:uinput-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-serial-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-armmp-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-marvell-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:usb-storage-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-16-4kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-16-5kc-malta-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-16-loongson-3-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-16-octeon-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-16-powerpc64le-di:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:xfs-modules-5.10.0-16-s390x-di:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-5207.NASL", "href": "https://www.tenable.com/plugins/nessus/164150", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5207. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164150);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"Debian DSA-5207-1 : linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5207 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5207\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2585\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36879\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the linux packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 5.10.136-1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:affs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ata-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:btrfs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cdrom-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crc-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-dm-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:crypto-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-extra-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:dasd-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:efi-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:event-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ext4-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:f2fs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fancontrol-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fat-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:firewire-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fuse-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hyperv-daemons\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:hypervisor-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:i2c-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:input-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ipv6-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:isofs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jffs2-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:jfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:kernel-image-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:leds-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libcpupower1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-arm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-s390\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-compiler-gcc-10-x86\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-config-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-cpupower\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-doc-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-cloud-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-common-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-686-pae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-amd64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-arm64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5.10.0-13-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-headers-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-4kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-686-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-cloud-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-686-pae-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-amd64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-arm64-unsigned\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5.10.0-13-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-5kc-malta-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-amd64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-arm64-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-armmp-lpae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-cloud-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-i386-signed-template\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-loongson-3-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-marvell-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-octeon-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-powerpc64le-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rpi-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-686-pae-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-amd64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-arm64-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-rt-armmp-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-image-s390x-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-kbuild-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-libc-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-perf-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-source-5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:linux-support-5.10.0-13\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:loop-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:md-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:minix-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mmc-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mouse-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mtd-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:multipath-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nbd-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-shared-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-usb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:nic-wireless-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:pata-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ppp-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rtc-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sata-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-core-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:scsi-nic-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:serial-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sound-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:speakup-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:squashfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:udf-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uinput-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-serial-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-armmp-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-marvell-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usb-storage-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:usbip\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-13-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-4kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-5kc-malta-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-loongson-3-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-octeon-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-powerpc64le-di\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:xfs-modules-5.10.0-16-s390x-di\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'affs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ata-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'bpftool', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'btrfs-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'cdrom-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crc-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-dm-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'crypto-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'dasd-extra-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'dasd-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'efi-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'event-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ext4-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'f2fs-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fancontrol-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fat-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'firewire-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'fuse-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'hyperv-daemons', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'hypervisor-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'i2c-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'input-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ipv6-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'isofs-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jffs2-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'jfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'kernel-image-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'leds-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'libcpupower-dev', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'libcpupower1', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-arm', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-s390', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-compiler-gcc-10-x86', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-config-5.10', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-cpupower', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-doc', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-doc-5.10', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-4kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-4kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-5kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-686', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-686-pae', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-amd64', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-arm64', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-armmp-lpae', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-cloud-amd64', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-cloud-arm64', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-common', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-common-rt', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-loongson-3', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-marvell', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-octeon', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-powerpc64le', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rpi', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-686-pae', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-amd64', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-arm64', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-rt-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5.10.0-13-s390x', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-5kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-armmp-lpae', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-loongson-3', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-marvell', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-octeon', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-powerpc64le', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-rpi', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-rt-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-headers-s390x', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-4kc-malta-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-4kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-4kc-malta-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-5kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-5kc-malta-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-pae-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-pae-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-686-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-amd64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-amd64-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-arm64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-arm64-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-lpae', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-armmp-lpae-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-amd64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-amd64-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-arm64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-cloud-arm64-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-loongson-3', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-loongson-3-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-marvell', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-marvell-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-octeon', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-octeon-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-powerpc64le', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-powerpc64le-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rpi', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rpi-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-686-pae-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-686-pae-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-amd64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-amd64-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-arm64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-arm64-unsigned', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-rt-armmp-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-s390x', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5.10.0-13-s390x-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-5kc-malta-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-686-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-686-pae-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-amd64-signed-template', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-arm64-signed-template', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-armmp-lpae-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-amd64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-cloud-arm64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-i386-signed-template', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-loongson-3-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-marvell', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-marvell-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-octeon', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-octeon-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-powerpc64le-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rpi', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rpi-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-686-pae-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-amd64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-arm64-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-rt-armmp-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-s390x', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-image-s390x-dbg', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-kbuild-5.10', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-libc-dev', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-perf', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-perf-5.10', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-source', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-source-5.10', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'linux-support-5.10.0-13', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'loop-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'md-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'minix-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mmc-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mouse-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'mtd-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'multipath-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nbd-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-shared-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-usb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'nic-wireless-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'pata-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'ppp-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'rtc-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sata-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-core-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'scsi-nic-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'serial-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'sound-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'speakup-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'squashfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'udf-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'uinput-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-serial-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-armmp-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-marvell-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usb-storage-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'usbip', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-13-s390x-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-4kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-5kc-malta-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-loongson-3-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-octeon-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-powerpc64le-di', 'reference': '5.10.136-1'},\n {'release': '11.0', 'prefix': 'xfs-modules-5.10.0-16-s390x-di', 'reference': '5.10.136-1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'affs-modules-5.10.0-13-4kc-malta-di / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-12T19:03:17", "description": "The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-006 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (CVE-2022-21505) (CVE-2022-28693)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-006)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-28693", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36123"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-29.131", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_15-2022-006.NASL", "href": "https://www.tenable.com/plugins/nessus/164362", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-006.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164362);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-28693\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36123\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-006)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-006 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel\n lockdown was enabled (CVE-2022-21505) (CVE-2022-28693)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23816.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23825.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26373.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28693.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-29.131\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-23816\", \"CVE-2022-23825\", \"CVE-2022-26373\", \"CVE-2022-28693\", \"CVE-2022-29900\", \"CVE-2022-29901\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2022-006\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.57-29.131.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.57-29.131-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.57-29.131-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-03-16T04:27:13", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2379-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2379-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16525", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2379-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163091", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2379-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163091);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2017-16525\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2379-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2379-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2379-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before\n 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have\n unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1066618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011540.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4d1744ad\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-16525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-base-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-default-devel-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-devel-4.4.121-92.178.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-macros-4.4.121-92.178.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-source-4.4.121-92.178.1', 'sp':'2', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']},\n {'reference':'kernel-syms-4.4.121-92.178.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-09T12:29:58", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2423-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2423-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981"], "modified": "2022-07-22T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:cluster-md-kmp-default", "p-cpe:/a:novell:suse_linux:dlm-kmp-default", "p-cpe:/a:novell:suse_linux:gfs2-kmp-default", "p-cpe:/a:novell:suse_linux:kernel-default", "p-cpe:/a:novell:suse_linux:kernel-default-base", "p-cpe:/a:novell:suse_linux:kernel-default-devel", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch", "p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel", "p-cpe:/a:novell:suse_linux:kernel-devel", "p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_120-default", "p-cpe:/a:novell:suse_linux:kernel-macros", "p-cpe:/a:novell:suse_linux:kernel-obs-build", "p-cpe:/a:novell:suse_linux:kernel-preempt", "p-cpe:/a:novell:suse_linux:kernel-preempt-devel", "p-cpe:/a:novell:suse_linux:kernel-source", "p-cpe:/a:novell:suse_linux:kernel-syms", "p-cpe:/a:novell:suse_linux:ocfs2-kmp-default", "p-cpe:/a:novell:suse_linux:reiserfs-kmp-default", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2423-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163377", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2423-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163377);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/22\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2423-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : kernel (SUSE-SU-2022:2423-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2423-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011576.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?06228e15\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cluster-md-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:dlm-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-livepatch-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-obs-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-preempt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:ocfs2-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:reiserfs-kmp-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE ' + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE ' + os_ver, cpu);\n\nvar sp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\nvar pkgs = [\n {'reference':'cluster-md-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'dlm-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'gfs2-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-default-livepatch-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-default-livepatch-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-livepatch-5_3_18-150200_24_120-default-1-150200.5.5.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-module-live-patching-release-15.2', 'sles-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-ESPOS-release-2', 'sles-release-15.2']},\n {'reference':'ocfs2-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2', 'SLE_HPC-release-15.2', 'sle-ha-release-15.2', 'sles-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-macros-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-preempt-devel-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-source-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2', 'sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'kernel-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-base-5.3.18-150200.24.120.1.150200.9.56.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-default-devel-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-obs-build-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'kernel-syms-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'reiserfs-kmp-default-5.3.18-150200.24.120.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-default / dlm-kmp-default / gfs2-kmp-default / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-15T22:36:13", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2478-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-22T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2478-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-16525", "CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20141", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981"], "modified": "2023-03-10T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-source:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-syms:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-base:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-default-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-macros:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-2478-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163391", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2478-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163391);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/10\");\n\n script_cve_id(\n \"CVE-2017-16525\",\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20141\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2478-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2478-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:2478-1 advisory.\n\n - The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel before\n 4.13.8 allows local users to cause a denial of service (use-after-free and system crash) or possibly have\n unspecified other impact via a crafted USB device, related to disconnection and failed setup.\n (CVE-2017-16525)\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In ip_check_mc_rcu of igmp.c, there is a possible use after free due to improper locking. This could lead\n to local escalation of privilege when opening and closing inet sockets with no additional execution\n privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android\n kernelAndroid ID: A-112551163References: Upstream kernel (CVE-2022-20141)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1066618\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1146519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011611.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7d3bd7c9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2017-16525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-default-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-default-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-base-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-default-devel-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-devel-4.4.180-94.167.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-macros-4.4.180-94.167.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-source-4.4.180-94.167.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']},\n {'reference':'kernel-syms-4.4.180-94.167.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-bcl-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-default / kernel-default-base / kernel-default-devel / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-03-25T10:45:34", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9591 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-container:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-container-debug:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2022-9591.NASL", "href": "https://www.tenable.com/plugins/nessus/163037", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9591.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163037);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-23816\", \"CVE-2022-29901\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9591 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9591.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.20.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9591');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-0.30.20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-0.30.20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-25T04:44:04", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9590 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:2.3:o:oracle:linux:8:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-debug:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-debug-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-devel:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-doc:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:bpftool:*:*:*:*:*:*:*", "cpe:2.3:o:oracle:linux:9:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-debug-core:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-debug-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-debug-modules-extra:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-modules:*:*:*:*:*:*:*", "p-cpe:2.3:a:oracle:linux:kernel-uek-modules-extra:*:*:*:*:*:*:*"], "id": "ORACLELINUX_ELSA-2022-9590.NASL", "href": "https://www.tenable.com/plugins/nessus/163036", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9590.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-23816\", \"CVE-2022-29901\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9590 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9590.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.20.el8uek', '5.15.0-0.30.20.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9590');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.20.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.20.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T12:46:41", "description": "The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2376-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure if a malicious USB HID device were plugged in, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel (CVE-2022-20154)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 2.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.0, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-13T00:00:00", "type": "nessus", "title": "SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2376-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 4.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.4, "vectorString": "AV:A/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-26341", "CVE-2021-4157", "CVE-2022-1679", "CVE-2022-20132", "CVE-2022-20154", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32250", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:kernel-azure", "p-cpe:/a:novell:suse_linux:kernel-azure-devel", "p-cpe:/a:novell:suse_linux:kernel-devel-azure", "p-cpe:/a:novell:suse_linux:kernel-source-azure", "p-cpe:/a:novell:suse_linux:kernel-syms-azure", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-2376-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163068", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2376-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163068);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2021-4157\",\n \"CVE-2021-26341\",\n \"CVE-2022-1679\",\n \"CVE-2022-20132\",\n \"CVE-2022-20154\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-33981\",\n \"CVE-2022-34918\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2376-1\");\n\n script_name(english:\"SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2022:2376-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2376-1 advisory.\n\n - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result\n in data leakage. (CVE-2021-26341)\n\n - An out of memory bounds write flaw (1 or 2 bytes of memory) in the Linux kernel NFS subsystem was found in\n the way users use mirroring (replication of files with NFS). A user, having access to the NFS mount, could\n potentially use this flaw to crash the system or escalate privileges on the system. (CVE-2021-4157)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - In lg_probe and related functions of hid-lg.c and other USB HID files, there is a possible out of bounds\n read due to improper input validation. This could lead to local information disclosure if a malicious USB\n HID device were plugged in, with no additional execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-188677105References: Upstream\n kernel (CVE-2022-20132)\n\n - In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead\n to local escalation of privilege with System execution privileges needed. User interaction is not needed\n for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream\n kernel (CVE-2022-20154)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - drivers/block/floppy.c in the Linux kernel before 5.17.6 is vulnerable to a denial of service, because of\n a concurrency use-after-free flaw after deallocating raw_cmd in the raw_cmd_ioctl function.\n (CVE-2022-33981)\n\n - An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init\n (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different\n vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an\n unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data\n in net/netfilter/nf_tables_api.c. (CVE-2022-34918)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1065729\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1179195\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1180814\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185762\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192761\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195504\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1195775\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1196901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1197754\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1198020\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199487\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199489\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1199657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200217\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200263\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200442\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200571\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200599\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200692\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200809\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200810\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200813\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200820\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200821\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200822\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200828\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200829\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200925\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201050\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201080\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201147\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201149\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201177\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201193\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201222\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011519.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d25d800b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-26341\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-4157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-20154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33981\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-34918\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:A/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-4157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Netfilter nft_set_elem_init Heap Overflow Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-azure-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-devel-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-source-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-syms-azure\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES|SUSE)\") audit(AUDIT_OS_NOT, \"SUSE / openSUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+|SUSE([\\d.]+))\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SUSE15\\.3)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'kernel-azure-5.3.18-150300.38.69.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.69.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.69.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.69.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.69.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3', 'SLE_HPC-release-15.3', 'sle-module-public-cloud-release-15.3', 'sles-release-15.3']},\n {'reference':'cluster-md-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'dlm-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'gfs2-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-devel-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-extra-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-livepatch-devel-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-azure-optional-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-devel-azure-5.3.18-150300.38.69.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-source-azure-5.3.18-150300.38.69.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kernel-syms-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'kselftests-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'ocfs2-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']},\n {'reference':'reiserfs-kmp-azure-5.3.18-150300.38.69.1', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cluster-md-kmp-azure / dlm-kmp-azure / gfs2-kmp-azure / kernel-azure / etc');\n}\n", "cvss": {"score": 7.4, "vector": "AV:A/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-01-10T19:27:53", "description": "The version of kernel installed on the remote host is prior to 5.10.135-122.509. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-019 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (CVE-2022-21505) (CVE-2022-21505, CVE-2022-28693)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-019)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-28693", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36123", "CVE-2022-36879", "CVE-2022-36946"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.10.135-122.509", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_10-2022-019.NASL", "href": "https://www.tenable.com/plugins/nessus/164359", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.10-2022-019.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164359);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2022-21505\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-28693\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36123\",\n \"CVE-2022-36879\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.10-2022-019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.10.135-122.509. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.10-2022-019 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This\n allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\n - An issue was discovered in the Linux kernel through 5.18.14. xfrm_expand_policies in\n net/xfrm/xfrm_policy.c can cause a refcount to be dropped twice. (CVE-2022-36879)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel\n lockdown was enabled (CVE-2022-21505) (CVE-2022-21505, CVE-2022-28693)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.10-2022-019.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-21505.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23816.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23825.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26373.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28693.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36123.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36879.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36946.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.10.135-122.509\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a
RetBleed CPU vulnerability CVE-2022-29900
